mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1245053, test NSS_3_23_BETA7, r=me

This commit is contained in:
Kai Engert 2016-02-25 15:35:08 +01:00
Родитель b6bf8bb8b7
Коммит 48201519cb
98 изменённых файлов: 1210 добавлений и 2115 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

1
security/nss/.clang-format
Просмотреть файл

@ -61,4 +61,5 @@ CommentPragmas: '^ IWYU pragma:'
ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ]
SpaceBeforeParens: ControlStatements
DisableFormat: false
SortIncludes: false
...

2
security/nss/TAG-INFO
Просмотреть файл

@ -1 +1 @@
NSS_3_23_BETA5
NSS_3_23_BETA7

1
security/nss/coreconf/coreconf.dep
Просмотреть файл

@ -10,4 +10,3 @@
*/
#error "Do not include this header file."

18
security/nss/lib/base/arena.c
Просмотреть файл

@ -530,8 +530,7 @@ nssArena_Mark(NSSArena *arena)
/* Unmarked. Store our thread ID */
arena->marking_thread = PR_GetCurrentThread();
/* This call never fails. */
}
else {
} else {
/* Marked. Verify it's the current thread */
if (PR_GetCurrentThread() != arena->marking_thread) {
PR_Unlock(arena->lock);
@ -556,8 +555,7 @@ nssArena_Mark(NSSArena *arena)
if ((nssArenaMark *)NULL == arena->first_mark) {
arena->first_mark = rv;
arena->last_mark = rv;
}
else {
} else {
arena->last_mark->next = rv;
arena->last_mark = rv;
}
@ -845,8 +843,7 @@ nss_ZAlloc(NSSArena *arenaOpt, PRUint32 size)
/* We used calloc: it's already zeroed */
return (void *)((char *)h + sizeof(struct pointer_header));
}
else {
} else {
void *rv;
/* Arena allocation */
#ifdef NSSDEBUG
@ -940,8 +937,7 @@ nss_ZFreeIf(void *pointer)
(void)nsslibc_memset(pointer, 0, h->size);
PR_Free(h);
return PR_SUCCESS;
}
else {
} else {
/* Arena */
#ifdef NSSDEBUG
if (PR_SUCCESS != nssArena_verifyPointer(h->arena)) {
@ -1058,8 +1054,7 @@ nss_ZRealloc(void *pointer, PRUint32 newSize)
(void)nsslibc_memcpy(rv, pointer, h->size);
(void)nsslibc_memset(&((char *)rv)[h->size], 0,
(newSize - h->size));
}
else {
} else {
(void)nsslibc_memcpy(rv, pointer, newSize);
}
@ -1068,8 +1063,7 @@ nss_ZRealloc(void *pointer, PRUint32 newSize)
PR_Free(h);
return rv;
}
else {
} else {
void *p;
/* Arena */
#ifdef NSSDEBUG

11
security/nss/lib/base/error.c
Просмотреть файл

@ -95,13 +95,11 @@ error_get_my_stack(void)
if ((error_stack *)NULL == rv) {
/* Doesn't exist; create one */
new_size = 16;
}
else if (rv->header.count == rv->header.space &&
rv->header.count < NSS_MAX_ERROR_STACK_COUNT) {
} else if (rv->header.count == rv->header.space &&
rv->header.count < NSS_MAX_ERROR_STACK_COUNT) {
/* Too small, expand it */
new_size = PR_MIN(rv->header.space * 2, NSS_MAX_ERROR_STACK_COUNT);
}
else {
} else {
/* Okay, return it */
return rv;
}
@ -227,8 +225,7 @@ nss_SetError(PRUint32 error)
if (es->header.count < es->header.space) {
es->stack[es->header.count++] = error;
}
else {
} else {
memmove(es->stack, es->stack + 1,
(es->header.space - 1) * (sizeof es->stack[0]));
es->stack[es->header.space - 1] = error;

15
security/nss/lib/base/hash.c
Просмотреть файл

@ -92,8 +92,7 @@ nssHash_Create(NSSArena *arenaOpt, PRUint32 numBuckets, PLHashFunction keyHash,
if (arenaOpt) {
arena = arenaOpt;
i_alloced = PR_FALSE;
}
else {
} else {
arena = nssArena_Create();
i_alloced = PR_TRUE;
}
@ -170,8 +169,7 @@ nssHash_Destroy(nssHash *hash)
PL_HashTableDestroy(hash->plHashTable);
if (hash->i_alloced_arena) {
nssArena_Destroy(hash->arena);
}
else {
} else {
nss_ZFreeIf(hash);
}
}
@ -191,11 +189,9 @@ nssHash_Add(nssHash *hash, const void *key, const void *value)
he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
if ((PLHashEntry *)NULL == he) {
nss_SetError(NSS_ERROR_NO_MEMORY);
}
else if (he->value != value) {
} else if (he->value != value) {
nss_SetError(NSS_ERROR_HASH_COLLISION);
}
else {
} else {
hash->count++;
error = PR_SUCCESS;
}
@ -260,8 +256,7 @@ nssHash_Exists(nssHash *hash, const void *it)
if ((void *)NULL == value) {
return PR_FALSE;
}
else {
} else {
return PR_TRUE;
}
}

3
security/nss/lib/base/item.c
Просмотреть файл

@ -54,8 +54,7 @@ nssItem_Create(NSSArena *arenaOpt, NSSItem *rvOpt, PRUint32 length,
if ((NSSItem *)NULL == rv) {
goto loser;
}
}
else {
} else {
rv = rvOpt;
}

3
security/nss/lib/base/libc.c
Просмотреть файл

@ -106,8 +106,7 @@ nsslibc_memequal(const void *a, const void *b, PRUint32 len,
if (0 == memcmp(a, b, len)) {
return PR_TRUE;
}
else {
} else {
return PR_FALSE;
}
}

12
security/nss/lib/base/list.c
Просмотреть файл

@ -83,8 +83,7 @@ nssList_Create(NSSArena *arenaOpt, PRBool threadSafe)
if (arenaOpt) {
arena = arenaOpt;
i_alloced = PR_FALSE;
}
else {
} else {
arena = nssArena_Create();
i_alloced = PR_TRUE;
}
@ -103,8 +102,7 @@ nssList_Create(NSSArena *arenaOpt, PRBool threadSafe)
if (!list->lock) {
if (arenaOpt) {
nss_ZFreeIf(list);
}
else {
} else {
NSSArena_Destroy(arena);
}
return (nssList *)NULL;
@ -205,13 +203,11 @@ nsslist_add_element(nssList *list, void *data)
}
currNode = (nssListElement *)PR_NEXT_LINK(&currNode->link);
}
}
else {
} else {
/* not sorting */
PR_APPEND_LINK(&node->link, &list->head->link);
}
}
else {
} else {
list->head = node;
}
++list->count;

39
security/nss/lib/base/utf8.c
Просмотреть файл

@ -61,8 +61,7 @@ nssUTF8_CaseIgnoreMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
*/
if (0 == PL_strcasecmp((const char *)a, (const char *)b)) {
return PR_TRUE;
}
else {
} else {
return PR_FALSE;
}
}
@ -167,8 +166,7 @@ nssUTF8_PrintableMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
if (*c == *d) {
/* And both '\0', btw */
return PR_TRUE;
}
else {
} else {
return PR_FALSE;
}
}
@ -324,23 +322,17 @@ nssUTF8_Length(const NSSUTF8 *s, PRStatus *statusOpt)
PRUint32 incr;
if ((*c & 0x80) == 0) {
incr = 1;
}
else if ((*c & 0xE0) == 0xC0) {
} else if ((*c & 0xE0) == 0xC0) {
incr = 2;
}
else if ((*c & 0xF0) == 0xE0) {
} else if ((*c & 0xF0) == 0xE0) {
incr = 3;
}
else if ((*c & 0xF8) == 0xF0) {
} else if ((*c & 0xF8) == 0xF0) {
incr = 4;
}
else if ((*c & 0xFC) == 0xF8) {
} else if ((*c & 0xFC) == 0xF8) {
incr = 5;
}
else if ((*c & 0xFE) == 0xFC) {
} else if ((*c & 0xFE) == 0xFC) {
incr = 6;
}
else {
} else {
nss_SetError(NSS_ERROR_INVALID_STRING);
goto loser;
}
@ -455,8 +447,7 @@ nssUTF8_Create(NSSArena *arenaOpt, nssStringType type, const void *inputString,
if (0 == size) {
rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
}
else {
} else {
rv = nss_ZAlloc(arenaOpt, size + 1);
if ((NSSUTF8 *)NULL == rv) {
return (NSSUTF8 *)NULL;
@ -477,8 +468,7 @@ nssUTF8_Create(NSSArena *arenaOpt, nssStringType type, const void *inputString,
case nssStringType_UTF8String:
if (0 == size) {
rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
}
else {
} else {
rv = nss_ZAlloc(arenaOpt, size + 1);
if ((NSSUTF8 *)NULL == rv) {
return (NSSUTF8 *)NULL;
@ -555,8 +545,7 @@ nssUTF8_GetEncoding(NSSArena *arenaOpt, NSSItem *rvOpt, nssStringType type,
(void)nss_ZFreeIf(dup);
return (NSSItem *)NULL;
}
}
else {
} else {
rv = rvOpt;
}
@ -640,13 +629,11 @@ nssUTF8_CopyIntoFixedBuffer(NSSUTF8 *string, char *buffer, PRUint32 bufferSize,
if ((buffer[bs - 1] & 0xC0) != 0x80) {
buffer[bs - 1] = pad;
break;
}
else {
} else {
buffer[bs - 1] = pad;
}
}
}
else {
} else {
(void)nsslibc_memset(buffer, pad, bufferSize);
(void)nsslibc_memcpy(buffer, string, stringSize);
}

84
security/nss/lib/certdb/alg1485.c
Просмотреть файл

@ -261,8 +261,7 @@ scanVal(const char** pbp, const char* endptr, char* valBuf, int valBufSize)
isQuoted = PR_TRUE;
/* skip over it */
bp++;
}
else {
} else {
isQuoted = PR_FALSE;
}
@ -282,15 +281,12 @@ scanVal(const char** pbp, const char* endptr, char* valBuf, int valBufSize)
bp++;
c = (char)((x2b[(PRUint8)c] << 4) | x2b[(PRUint8)*bp]);
}
}
else if (c == '#' && bp == *pbp) {
} else if (c == '#' && bp == *pbp) {
/* ignore leading #, quotation not required for it. */
}
else if (!isQuoted && SPECIAL_CHAR(c)) {
} else if (!isQuoted && SPECIAL_CHAR(c)) {
/* unescaped special and not within quoted value */
break;
}
else if (c == C_DOUBLE_QUOTE) {
} else if (c == C_DOUBLE_QUOTE) {
/* reached unescaped double quote */
break;
}
@ -404,8 +400,7 @@ ParseRFC1485AVA(PLArenaPool* arena, const char** pbp, const char* endptr)
/* is this a dotted decimal OID attribute type ? */
if (!PL_strncasecmp("oid.", tagBuf, 4)) {
rv = SEC_StringToOID(arena, &derOid, tagBuf, strlen(tagBuf));
}
else {
} else {
for (n2k = name2kinds; n2k->name; n2k++) {
SECOidData* oidrec;
if (PORT_Strcasecmp(n2k->name, tagBuf) == 0) {
@ -429,8 +424,7 @@ ParseRFC1485AVA(PLArenaPool* arena, const char** pbp, const char* endptr)
if (rv)
goto loser;
a = CERT_CreateAVAFromRaw(arena, &derOid, &derVal);
}
else {
} else {
if (kind == SEC_OID_UNKNOWN)
goto loser;
if (kind == SEC_OID_AVA_COUNTRY_NAME && valLen != 2)
@ -483,8 +477,7 @@ ParseRFC1485Name(const char* buf, int len)
if (rdn == 0)
goto loser;
rv = CERT_AddRDN(name, rdn);
}
else {
} else {
rv = CERT_AddAVA(name->arena, rdn, ava);
}
if (rv)
@ -565,8 +558,7 @@ AppendStr(stringBuf* bufp, char* str)
size = PR_MAX(DEFAULT_BUFFER_SIZE, bufSize * 2);
buf = (char*)PORT_Alloc(size);
bufp->size = size;
}
else if (bufp->size < bufSize) {
} else if (bufp->size < bufSize) {
size = bufSize * 2;
buf = (char*)PORT_Realloc(buf, size);
bufp->size = size;
@ -615,17 +607,14 @@ cert_RFC1485_GetRequiredLen(const char* src, int srclen, EQMode* pEQMode)
reqLen++;
if (NEEDS_HEX_ESCAPE(c)) { /* c -> \xx */
reqLen += 2;
}
else if (NEEDS_ESCAPE(c)) { /* c -> \c */
} else if (NEEDS_ESCAPE(c)) { /* c -> \c */
reqLen++;
}
else if (SPECIAL_CHAR(c)) {
} else if (SPECIAL_CHAR(c)) {
if (mode == minimalEscapeAndQuote) /* quoting is allowed */
needsQuoting = PR_TRUE; /* entirety will need quoting */
else if (mode == fullEscape)
reqLen++; /* MAY escape this character */
}
else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) {
} else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) {
if (mode == minimalEscapeAndQuote) /* quoting is allowed */
needsQuoting = PR_TRUE; /* entirety will need quoting */
}
@ -667,8 +656,7 @@ escapeAndQuote(char* dst, int dstlen, char* src, int srclen, EQMode* pEQMode)
*dst++ = C_BACKSLASH;
*dst++ = hexChars[(c >> 4) & 0x0f];
*dst++ = hexChars[c & 0x0f];
}
else {
} else {
if (NEEDS_ESCAPE(c) || (SPECIAL_CHAR(c) && mode == fullEscape)) {
*dst++ = C_BACKSLASH;
}
@ -766,13 +754,11 @@ CERT_GetOidString(const SECItem* oid)
PRUint32 two = n - (one * 40);
rvString = PR_smprintf("OID.%lu.%lu", one, two);
}
else {
} else {
prefix = rvString;
rvString = PR_smprintf("%s.%lu", prefix, n);
}
}
else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */
} else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */
PRUint64 n = 0;
PRUint64 c;
@ -798,13 +784,11 @@ CERT_GetOidString(const SECItem* oid)
PRUint64 two = n - (one * 40);
rvString = PR_smprintf("OID.%llu.%llu", one, two);
}
else {
} else {
prefix = rvString;
rvString = PR_smprintf("%s.%llu", prefix, n);
}
}
else {
} else {
/* More than a 64-bit number, or not minimal encoding. */
unsupported:
if (!rvString)
@ -945,8 +929,7 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
if (pn2k->kind != endKind) {
n2k = *pn2k;
}
else if (strict != CERT_N2A_READABLE) {
} else if (strict != CERT_N2A_READABLE) {
useHex = PR_TRUE;
}
/* For invertable form, force Directory Strings to use hex form. */
@ -991,8 +974,7 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
maxValue = valueLen;
if (len <= sizeof(tmpBuf)) {
encodedAVA = tmpBuf;
}
else if (strict != CERT_N2A_READABLE) {
} else if (strict != CERT_N2A_READABLE) {
encodedAVA = PORT_Alloc(len);
if (!encodedAVA) {
SECITEM_FreeItem(avaValue, PR_TRUE);
@ -1000,8 +982,7 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
PR_smprintf_free(unknownTag);
return SECFailure;
}
}
else {
} else {
/* Must make output fit in tmpbuf */
unsigned int fair = (sizeof tmpBuf) / 2 - 1; /* for = and \0 */
@ -1009,12 +990,10 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
/* just truncate the value */
maxValue = (sizeof tmpBuf) - (nameLen + 6); /* for "=...\0",
and possibly '"' */
}
else if (valueLen < fair) {
} else if (valueLen < fair) {
/* just truncate the name */
maxName = (sizeof tmpBuf) - (valueLen + 5); /* for "=...\0" */
}
else {
} else {
/* truncate both */
maxName = maxValue = fair - 3; /* for "..." */
}
@ -1056,12 +1035,10 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
end[-3] = '.';
}
rv = SECSuccess;
}
else if (!truncateValue) {
} else if (!truncateValue) {
rv = escapeAndQuote(encodedAVA + nameLen, len - nameLen,
(char*)avaValue->data, avaValue->len, &mode);
}
else {
} else {
/* must truncate the escaped and quoted value */
char bigTmpBuf[TMPBUF_LEN * 3 + 3];
PORT_Assert(valueLen < sizeof tmpBuf);
@ -1136,8 +1113,7 @@ CERT_NameToAsciiInvertible(CERTName* name, CertStrictnessLevel strict)
rv = AppendStr(&strBuf, newRDN ? "," : "+");
if (rv)
goto loser;
}
else {
} else {
first = PR_FALSE;
}
@ -1211,8 +1187,7 @@ avaToString(PLArenaPool* arena, CERTAVA* ava)
cert_RFC1485_GetRequiredLen((char*)avaValue->data, avaValue->len, NULL) + 1;
if (arena) {
buf = (char*)PORT_ArenaZAlloc(arena, valueLen);
}
else {
} else {
buf = (char*)PORT_ZAlloc(valueLen);
}
if (buf) {
@ -1321,8 +1296,7 @@ CERT_GetCertificateEmailAddress(CERTCertificate* cert)
CERT_GetNameElement(cert->arena, &(current->name.directoryName),
SEC_OID_RFC1274_MAIL);
}
}
else if (current->type == certRFC822Name) {
} else if (current->type == certRFC822Name) {
rawEmailAddr =
(char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len +
1);
@ -1402,8 +1376,7 @@ appendItemToBuf(char* dest, SECItem* src, PRUint32* pRemaining)
hexChars[(c >> 4) & 0x0f];
*dest++ =
hexChars[c & 0x0f];
}
else {
} else {
*dest++ =
tolower(c);
}
@ -1471,8 +1444,7 @@ cert_GetCertificateEmailAddresses(CERTCertificate* cert)
tmpArena, &current->name.directoryName, SEC_OID_RFC1274_MAIL);
pBuf =
appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
}
else if (current->type == certRFC822Name) {
} else if (current->type == certRFC822Name) {
pBuf =
appendItemToBuf(pBuf, &current->name.other, &maxLen);
}

135
security/nss/lib/certdb/certdb.c
Просмотреть файл

@ -400,8 +400,7 @@ GetKeyUsage(CERTCertificate *cert)
PORT_Free(tmpitem.data);
tmpitem.data = NULL;
}
else {
} else {
/* if the extension is not present, then we allow all uses */
cert->keyUsage = KU_ALL;
cert->rawKeyUsage = KU_ALL;
@ -483,8 +482,7 @@ cert_ComputeCertType(CERTCertificate *cert)
if (tmpitem.data != NULL || extKeyUsage != NULL) {
if (tmpitem.data == NULL) {
nsCertType = 0;
}
else {
} else {
nsCertType = tmpitem.data[0];
}
@ -517,8 +515,7 @@ cert_ComputeCertType(CERTCertificate *cert)
SECSuccess) {
if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
nsCertType |= NS_CERT_TYPE_EMAIL_CA;
}
else {
} else {
nsCertType |= NS_CERT_TYPE_EMAIL;
}
}
@ -526,8 +523,7 @@ cert_ComputeCertType(CERTCertificate *cert)
extKeyUsage, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) == SECSuccess) {
if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
nsCertType |= NS_CERT_TYPE_SSL_CA;
}
else {
} else {
nsCertType |= NS_CERT_TYPE_SSL_SERVER;
}
}
@ -540,8 +536,7 @@ cert_ComputeCertType(CERTCertificate *cert)
SECSuccess) {
if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
nsCertType |= NS_CERT_TYPE_SSL_CA;
}
else {
} else {
nsCertType |= NS_CERT_TYPE_SSL_SERVER;
}
}
@ -549,8 +544,7 @@ cert_ComputeCertType(CERTCertificate *cert)
extKeyUsage, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH) == SECSuccess) {
if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
nsCertType |= NS_CERT_TYPE_SSL_CA;
}
else {
} else {
nsCertType |= NS_CERT_TYPE_SSL_CLIENT;
}
}
@ -558,8 +552,7 @@ cert_ComputeCertType(CERTCertificate *cert)
extKeyUsage, SEC_OID_EXT_KEY_USAGE_CODE_SIGN) == SECSuccess) {
if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
}
else {
} else {
nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING;
}
}
@ -571,8 +564,7 @@ cert_ComputeCertType(CERTCertificate *cert)
SECSuccess) {
nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
}
}
else {
} else {
/* If no NS Cert Type extension and no EKU extension, then */
nsCertType = 0;
if (CERT_IsCACert(cert, &nsCertType))
@ -674,8 +666,7 @@ cert_IsRootCert(CERTCertificate *cert)
PORT_Free(tmpitem.data);
if (!match)
return PR_FALSE; /* else fall through */
}
else {
} else {
/* the subject key ID is required when AKI is present */
return PR_FALSE;
}
@ -743,8 +734,7 @@ CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
cert->derCert.data = (unsigned char *)data;
cert->derCert.len = derSignedCert->len;
PORT_Memcpy(data, derSignedCert->data, derSignedCert->len);
}
else {
} else {
/* point to passed in DER data */
cert->derCert = *derSignedCert;
}
@ -771,8 +761,7 @@ CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
/* set the nickname */
if (nickname == NULL) {
cert->nickname = NULL;
}
else {
} else {
/* copy and install the nickname */
len = PORT_Strlen(nickname) + 1;
cert->nickname = (char *)PORT_ArenaAlloc(arena, len);
@ -1007,8 +996,7 @@ SEC_GetCrlTimes(CERTCrl *date, PRTime *notBefore, PRTime *notAfter)
if (rv) {
return (SECFailure);
}
}
else {
} else {
LL_I2L(*notAfter, 0L);
}
return (SECSuccess);
@ -1132,8 +1120,7 @@ CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage, PRBool ca,
PORT_Assert(0);
goto loser;
}
}
else {
} else {
switch (usage) {
case certUsageSSLClient:
/*
@ -1356,15 +1343,13 @@ cert_TestHostName(char *cn, const char *hn)
if (match == 0) {
rv = SECSuccess;
}
else {
} else {
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
rv = SECFailure;
}
return rv;
}
}
else {
} else {
/* New approach conforms to RFC 6125. */
char *wildcard = PORT_Strchr(cn, '*');
char *firstcndot = PORT_Strchr(cn, '.');
@ -1379,9 +1364,8 @@ cert_TestHostName(char *cn, const char *hn)
* - must not be preceded by an IDNA ACE prefix (xn--)
*/
if (wildcard && secondcndot && secondcndot[1] && firsthndot &&
firstcndot - wildcard ==
1 /* wildcard is last char in first component */
&& secondcndot - firstcndot > 1 /* second component is non-empty */
firstcndot - wildcard == 1 /* wildcard is last char in first component */
&& secondcndot - firstcndot > 1 /* second component is non-empty */
&& PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
&& !PORT_Strncasecmp(cn, hn, wildcard - cn) &&
!PORT_Strcasecmp(firstcndot, firsthndot)
@ -1473,23 +1457,20 @@ cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
netAddr.inet.family == PR_AF_INET) {
match = !memcmp(&netAddr.inet.ip,
current->name.other.data, 4);
}
else if (current->name.other.len ==
16 && /* IP v6 address */
netAddr.ipv6.family == PR_AF_INET6) {
} else if (current->name.other.len ==
16 && /* IP v6 address */
netAddr.ipv6.family == PR_AF_INET6) {
match = !memcmp(&netAddr.ipv6.ip,
current->name.other.data, 16);
}
else if (current->name.other.len ==
16 && /* IP v6 address */
netAddr.inet.family == PR_AF_INET) {
} else if (current->name.other.len ==
16 && /* IP v6 address */
netAddr.inet.family == PR_AF_INET) {
/* convert netAddr to ipv6, then compare. */
/* ipv4 must be in Network Byte Order on input. */
PR_ConvertIPv4AddrToIPv6(netAddr.inet.ip, &v6Addr);
match = !memcmp(&v6Addr, current->name.other.data, 16);
}
else if (current->name.other.len == 4 && /* IP v4 address */
netAddr.inet.family == PR_AF_INET6) {
} else if (current->name.other.len == 4 && /* IP v4 address */
netAddr.inet.family == PR_AF_INET6) {
/* convert netAddr to ipv6, then compare. */
PRUint32 ipv4 = (current->name.other.data[0] << 24) |
(current->name.other.data[1] << 16) |
@ -1517,8 +1498,7 @@ fail:
if (!(isIPaddr ? IPextCount : DNSextCount)) {
/* no relevant value in the extension was found. */
PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
}
else {
} else {
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
}
rv = SECFailure;
@ -1648,8 +1628,7 @@ cert_GetDNSPatternsFromGeneralNames(CERTGeneralName *firstName,
addr.inet.family = PR_AF_INET;
memcpy(&addr.inet.ip, currentInput->name.other.data,
currentInput->name.other.len);
}
else if (currentInput->name.other.len == 16) {
} else if (currentInput->name.other.len == 16) {
addr.ipv6.family = PR_AF_INET6;
memcpy(&addr.ipv6.ip, currentInput->name.other.data,
currentInput->name.other.len);
@ -1787,18 +1766,15 @@ CERT_VerifyCertName(const CERTCertificate *cert, const char *hn)
if (isIPaddr) {
if (PORT_Strcasecmp(hn, cn) == 0) {
rv = SECSuccess;
}
else {
} else {
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
rv = SECFailure;
}
}
else {
} else {
rv = cert_TestHostName(cn, hn);
}
PORT_Free(cn);
}
else
} else
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
return rv;
}
@ -1811,8 +1787,7 @@ CERT_CompareCerts(const CERTCertificate *c1, const CERTCertificate *c2)
comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
if (comp == SECEqual) { /* certs are the same */
return (PR_TRUE);
}
else {
} else {
return (PR_FALSE);
}
}
@ -1966,8 +1941,7 @@ CERT_MakeCANickname(CERTCertificate *cert)
if (firstname) {
org = firstname;
firstname = NULL;
}
else {
} else {
org = PORT_Strdup("Unknown CA");
}
}
@ -1985,16 +1959,13 @@ CERT_MakeCANickname(CERTCertificate *cert)
if (firstname) {
if (count == 1) {
nickname = PR_smprintf("%s - %s", firstname, org);
}
else {
} else {
nickname = PR_smprintf("%s - %s #%d", firstname, org, count);
}
}
else {
} else {
if (count == 1) {
nickname = PR_smprintf("%s", org);
}
else {
} else {
nickname = PR_smprintf("%s #%d", org, count);
}
}
@ -2104,8 +2075,7 @@ CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype)
if (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
NS_CERT_TYPE_OBJECT_SIGNING_CA)) {
ret = PR_TRUE;
}
else {
} else {
SECStatus rv;
CERTBasicConstraints constraints;
@ -2254,8 +2224,7 @@ CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb)
return (PR_FALSE);
}
return (PR_TRUE);
}
else {
} else {
/* cert B was issued after cert A, but expires sooner */
/* if B is expired, then pick A */
if (LL_CMP(notAfterB, <, now)) {
@ -2371,8 +2340,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts)
case ',':
if (pflags == &trust->sslFlags) {
pflags = &trust->emailFlags;
}
else {
} else {
pflags = &trust->objectSigningFlags;
}
break;
@ -2489,8 +2457,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
*/
/* Bug 1192442 - propagate errors from these calls. */
(void)CERT_AddTempCertToPerm(certs[i], canickname, NULL);
}
else {
} else {
(void)CERT_AddTempCertToPerm(
certs[i], nickname ? nickname : canickname, NULL);
}
@ -2503,8 +2470,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
if (retCerts) {
*retCerts = certs;
}
else {
} else {
if (certs) {
CERT_DestroyCertArray(certs, fcerts);
}
@ -2700,8 +2666,7 @@ CERT_SortCBValidity(CERTCertificate *certa, CERTCertificate *certb, void *arg)
if (newerbefore) {
/* cert A was issued after cert B, but expires sooner */
return (PR_TRUE);
}
else {
} else {
/* cert B was issued after cert A, but expires sooner */
return (PR_FALSE);
}
@ -2800,8 +2765,7 @@ CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
* fix the cert decoding code to do this.
*/
(void)CERT_IsCACert(node->cert, &certType);
}
else {
} else {
certType = node->cert->nsCertType;
}
if (!(certType & requiredCertType)) {
@ -2814,8 +2778,7 @@ CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
savenode = CERT_LIST_NEXT(node);
CERT_RemoveCertListNode(node);
node = savenode;
}
else {
} else {
node = CERT_LIST_NEXT(node);
}
}
@ -2836,8 +2799,7 @@ CERT_IsUserCert(CERTCertificate *cert)
((trust.sslFlags & CERTDB_USER) || (trust.emailFlags & CERTDB_USER) ||
(trust.objectSigningFlags & CERTDB_USER))) {
return PR_TRUE;
}
else {
} else {
return PR_FALSE;
}
}
@ -2861,8 +2823,7 @@ CERT_FilterCertListForUserCerts(CERTCertList *certList)
freenode = node;
node = CERT_LIST_NEXT(node);
CERT_RemoveCertListNode(freenode);
}
else {
} else {
/* Is a User cert, so leave it in the list */
node = CERT_LIST_NEXT(node);
}
@ -2954,8 +2915,7 @@ cert_DestroyLocks(void)
if (certRefCountLock) {
PZ_DestroyLock(certRefCountLock);
certRefCountLock = NULL;
}
else {
} else {
rv = SECFailure;
}
@ -2963,8 +2923,7 @@ cert_DestroyLocks(void)
if (certTrustLock) {
PZ_DestroyLock(certTrustLock);
certTrustLock = NULL;
}
else {
} else {
rv = SECFailure;
}
return rv;

6
security/nss/lib/certdb/certv3.c
Просмотреть файл

@ -138,8 +138,7 @@ CERT_FindSubjectKeyIDExtension(CERTCertificate *cert, SECItem *retItem)
rv = SECITEM_CopyItem(NULL, retItem, &decodedValue);
}
PORT_FreeArena(tmpArena, PR_FALSE);
}
else {
} else {
rv = SECFailure;
}
}
@ -217,8 +216,7 @@ CERT_CheckCertUsage(CERTCertificate *cert, unsigned char usage)
if (rv == SECFailure) {
rv = (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) ? SECSuccess
: SECFailure;
}
else if (!(keyUsage.data[0] & usage)) {
} else if (!(keyUsage.data[0] & usage)) {
PORT_SetError(SEC_ERROR_CERT_USAGES_INVALID);
rv = SECFailure;
}

6
security/nss/lib/certdb/certxutl.c
Просмотреть файл

@ -202,8 +202,7 @@ CERT_AddExtensionByOID(void *exthandle, SECItem *oid, SECItem *value,
if (rv) {
return (SECFailure);
}
}
else {
} else {
ext->value = *value;
}
@ -362,8 +361,7 @@ CERT_MergeExtensions(void *exthandle, CERTCertExtension **extensions)
if (tag == 0) {
if (SECITEM_ItemsAreEqual(&ext->id, &node->ext->id))
break;
}
else {
} else {
if (SECOID_FindOIDTag(&node->ext->id) == tag) {
break;
}

122
security/nss/lib/certdb/crl.c
Просмотреть файл

@ -274,8 +274,7 @@ CERT_KeyFromDERCrl(PLArenaPool* arena, SECItem* derCrl, SECItem* key)
if (!arena) {
/* arena needed for QuickDER */
myArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
}
else {
} else {
myArena = arena;
}
PORT_Memset(&sd, 0, sizeof(sd));
@ -311,8 +310,7 @@ CERT_CompleteCRLDecodeEntries(CERTSignedCrl* crl)
if ((!crl) || (!(extended = (OpaqueCRLFields*)crl->opaque)) ||
(PR_TRUE == extended->decodingError)) {
rv = SECFailure;
}
else {
} else {
if (PR_FALSE == extended->partial) {
/* the CRL has already been fully decoded */
return SECSuccess;
@ -333,8 +331,7 @@ CERT_CompleteCRLDecodeEntries(CERTSignedCrl* crl)
if (SECSuccess == rv) {
extended->partial = PR_FALSE; /* successful decode, avoid
decoding again */
}
else {
} else {
extended->decodingError = PR_TRUE;
extended->badEntries = PR_TRUE;
/* cache the decoding failure. If it fails the first time,
@ -387,8 +384,7 @@ CERT_DecodeDERCrlWithFlags(PLArenaPool* narena, SECItem* derSignedCrl, int type,
if (!arena) {
return NULL;
}
}
else {
} else {
arena = narena;
}
@ -414,8 +410,7 @@ CERT_DecodeDERCrlWithFlags(PLArenaPool* narena, SECItem* derSignedCrl, int type,
crl->derCrl = derSignedCrl; /* DER is not copied . The application
must keep derSignedCrl until it
destroys the CRL */
}
else {
} else {
crl->derCrl = (SECItem*)PORT_ArenaZAlloc(arena, sizeof(SECItem));
if (crl->derCrl == NULL) {
goto loser;
@ -561,8 +556,7 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo* slot, SECItem* crlKey, int type,
if (url) {
crl->url = PORT_ArenaStrdup(crl->arena, url);
}
}
else {
} else {
rv = SECFailure;
}
@ -735,8 +729,7 @@ SEC_DestroyCrl(CERTSignedCrl* crl)
}
}
return SECSuccess;
}
else {
} else {
return SECFailure;
}
}
@ -1015,15 +1008,13 @@ InitCRLCache(void)
}
crlcache_initialized = PR_TRUE;
return SECSuccess;
}
else {
} else {
PORT_Assert(crlcache.lock);
PORT_Assert(crlcache.issuers);
if ((NULL == crlcache.lock) || (NULL == crlcache.issuers)) {
/* CRL cache not fully initialized */
return SECFailure;
}
else {
} else {
/* CRL cache already initialized */
return SECSuccess;
}
@ -1047,8 +1038,7 @@ DPCache_Destroy(CRLDPCache* cache)
#else
PR_DestroyLock(cache->lock);
#endif
}
else {
} else {
PORT_Assert(0);
return SECFailure;
}
@ -1092,8 +1082,7 @@ IssuerCache_Destroy(CRLIssuerCache* cache)
#ifdef XCRL
if (cache->lock) {
NSSRWLock_Destroy(cache->lock);
}
else {
} else {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
@ -1407,7 +1396,7 @@ TokenCRLStillExists(CERTSignedCrl* crl)
}
status =
nssCryptokiCRL_GetAttributes(&instance, NULL, /* XXX sessionOpt */
nssCryptokiCRL_GetAttributes(&instance, NULL, /* XXX sessionOpt */
arena, NULL, &newsubject, /* subject */
&crl_class, /* class */
NULL, NULL);
@ -1420,8 +1409,7 @@ TokenCRLStillExists(CERTSignedCrl* crl)
if (CKO_NETSCAPE_CRL != crl_class) {
xstatus = PR_FALSE;
}
}
else {
} else {
xstatus = PR_FALSE;
}
NSSArena_Destroy(arena);
@ -1464,8 +1452,7 @@ CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject, PRTime vfdate,
with bogus DER. Mark it checked so we won't try again */
PORT_SetError(SEC_ERROR_BAD_DER);
return SECSuccess;
}
else {
} else {
SECStatus signstatus = SECFailure;
if (cache->issuerDERCert) {
CERTCertificate* issuer = CERT_NewTempCertificate(
@ -1484,14 +1471,12 @@ CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject, PRTime vfdate,
So, we don't cache this verification failure. We'll try
to verify the CRL again when a certificate from that issuer
becomes available */
}
else {
} else {
crlobject->sigChecked = PR_TRUE;
}
PORT_SetError(SEC_ERROR_CRL_BAD_SIGNATURE);
return SECSuccess;
}
else {
} else {
crlobject->sigChecked = PR_TRUE;
crlobject->sigValid = PR_TRUE;
}
@ -1522,8 +1507,7 @@ DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate, void* wincx)
if (SECFailure == rv) {
/* fetch failed, add error bit */
cache->invalid |= CRL_CACHE_LAST_FETCH_FAILED;
}
else {
} else {
/* fetch was successful, clear this error bit */
cache->invalid &= (~CRL_CACHE_LAST_FETCH_FAILED);
}
@ -1546,12 +1530,10 @@ DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate, void* wincx)
if (PR_TRUE != added) {
rv = CachedCrl_Destroy(returned);
returned = NULL;
}
else if (vfdate) {
} else if (vfdate) {
rv = CachedCrl_Verify(cache, returned, vfdate, wincx);
}
}
else {
} else {
/* not enough memory to add the CRL to the cache. mark it
invalid so we will try again . */
cache->invalid |= CRL_CACHE_LAST_FETCH_FAILED;
@ -1595,8 +1577,7 @@ CachedCrl_GetEntry(CachedCrl* crl, const SECItem* sn, CERTCrlEntry** returned)
acrlEntry = PL_HashTableLookup(crl->entries, (void*)sn);
if (acrlEntry) {
*returned = acrlEntry;
}
else {
} else {
*returned = NULL;
}
return SECSuccess;
@ -1626,12 +1607,10 @@ DPCache_Lookup(CRLDPCache* cache, const SECItem* sn, CERTCrlEntry** returned)
rv = CachedCrl_GetEntry(cache->selected, sn, returned);
if (SECSuccess != rv) {
return dpcacheLookupError;
}
else {
} else {
if (*returned) {
return dpcacheFoundEntry;
}
else {
} else {
return dpcacheNoEntry;
}
}
@ -1908,8 +1887,7 @@ SortImperfectCRLs(const void* arg1, const void* arg2)
if (!a || !b) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
PORT_Assert(0);
}
else {
} else {
PRBool aDecoded = PR_FALSE, bDecoded = PR_FALSE;
if ((PR_TRUE == a->sigValid) && (PR_TRUE == b->sigValid)) {
/* both CRLs have been validated, choose the latest one */
@ -1966,8 +1944,7 @@ DPCache_SelectCRL(CRLDPCache* cache)
if (PR_TRUE == valid) {
/* all CRLs are valid, clear this error */
cache->invalid &= (~CRL_CACHE_INVALID_CRLS);
}
else {
} else {
/* some CRLs are invalid, set this error */
cache->invalid |= CRL_CACHE_INVALID_CRLS;
}
@ -2098,8 +2075,7 @@ IssuerCache_AddDP(CRLIssuerCache* cache, CERTCertificate* issuer,
*newdpc = cache->dpp;
return SECSuccess;
}
}
else {
} else {
/* we should never hit this until we support multiple DPs */
PORT_Assert(dp);
/* XCRL allocate a new distribution point cache object, initialize it,
@ -2294,8 +2270,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
rv = SECFailure;
}
#ifdef GLOBAL_RWLOCK
}
else {
} else {
/* somebody else updated before we did */
IssuerCache_Destroy(issuercache); /* destroy the new object */
issuercache = existing; /* use the existing one */
@ -2310,8 +2285,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
if (PR_TRUE == globalwrite) {
NSSRWLock_UnlockWrite(crlcache.lock);
globalwrite = PR_FALSE;
}
else {
} else {
NSSRWLock_UnlockRead(crlcache.lock);
}
#else
@ -2334,8 +2308,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
if (SECSuccess != rv) {
return SECFailure;
}
}
else {
} else {
#ifdef GLOBAL_RWLOCK
NSSRWLock_UnlockRead(crlcache.lock);
#else
@ -2360,8 +2333,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
/* make sure the DP cache is up to date before using it */
rv = DPCache_GetUpToDate(*dpcache, issuer, PR_FALSE == *writeLocked,
t, wincx);
}
else {
} else {
rv = SECFailure;
}
}
@ -2379,8 +2351,7 @@ ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked)
#ifdef DPC_RWLOCK
if (PR_TRUE == writeLocked) {
NSSRWLock_UnlockWrite(dpcache->lock);
}
else {
} else {
NSSRWLock_UnlockRead(dpcache->lock);
}
#else
@ -2446,18 +2417,15 @@ cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer,
is past the revocation date */
if (t >= revocationDate) {
rv = SECFailure;
}
else {
} else {
status = certRevocationStatusValid;
}
}
else {
} else {
/* invalid revocation date, consider the certificate
permanently revoked */
rv = SECFailure;
}
}
else {
} else {
/* no revocation date, certificate is permanently revoked */
rv = SECFailure;
}
@ -2761,8 +2729,7 @@ addCRLToCache(CERTCertDBHandle* dbhandle, SECItem* crl,
if (SECSuccess == CERT_CacheCRL(dbhandle, entry->crl)) {
entry->inCRLCache = PR_TRUE;
entry->successfulInsertionTime = entry->lastAttemptTime;
}
else {
} else {
switch (PR_GetError()) {
case SEC_ERROR_CRL_ALREADY_EXISTS:
entry->dupe = PR_TRUE;
@ -2829,8 +2796,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
NamedCRLCacheEntry_Destroy(newEntry);
rv = SECFailure;
}
}
else {
} else {
PRBool removed;
/* remove the old CRL from the cache if needed */
if (oldEntry->inCRLCache) {
@ -2844,8 +2810,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
rv = SECFailure;
/* leak old entry since we couldn't remove it from the hash
* table */
}
else {
} else {
PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
}
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
@ -2855,8 +2820,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
rv = SECFailure;
}
}
}
else {
} else {
/* error adding new CRL to cache */
if (!oldEntry) {
/* no old cache entry, use the new one even though it's bad */
@ -2866,16 +2830,14 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
PORT_Assert(0);
rv = SECFailure;
}
}
else {
} else {
if (oldEntry->inCRLCache) {
/* previous cache entry was good, keep it and update time */
oldEntry->lastAttemptTime = newEntry->lastAttemptTime;
/* throw away new bad entry */
rv = NamedCRLCacheEntry_Destroy(newEntry);
PORT_Assert(SECSuccess == rv);
}
else {
} else {
/* previous cache entry was bad, just replace it */
PRBool removed = PL_HashTableRemove(
namedCRLCache.entries, (void*)oldEntry->canonicalizedName);
@ -2884,8 +2846,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
/* leak old entry since we couldn't remove it from the hash
* table */
rv = SECFailure;
}
else {
} else {
PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
}
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
@ -3064,8 +3025,7 @@ CachedCrl_Compare(CachedCrl* a, CachedCrl* b, PRBool* isDupe, PRBool* isUpdated)
if (SECEqual ==
SECITEM_CompareItem(b->crl->derCrl, a->crl->derCrl)) {
*isDupe = PR_TRUE;
}
else {
} else {
*isUpdated = PR_TRUE;
}
}

36
security/nss/lib/certdb/genname.c
Просмотреть файл

@ -199,8 +199,7 @@ cert_CopyOneGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
}
if (rv != SECSuccess) {
PORT_ArenaRelease(arena, mark);
}
else {
} else {
PORT_ArenaUnmark(arena, mark);
}
return rv;
@ -218,8 +217,7 @@ CERT_DestroyGeneralNameList(CERTGeneralNameList *list)
PORT_FreeArena(list->arena, PR_FALSE);
PZ_Unlock(lock);
PZ_DestroyLock(lock);
}
else {
} else {
PZ_Unlock(lock);
}
}
@ -438,8 +436,7 @@ CERT_DecodeGeneralName(PLArenaPool *reqArena, SECItem *encodedName,
genName = CERT_NewGeneralName(reqArena, genNameType);
if (!genName)
goto loser;
}
else {
} else {
genName->type = genNameType;
genName->l.prev = genName->l.next = &genName->l;
}
@ -706,8 +703,7 @@ cert_DecodeNameConstraintSubTree(PLArenaPool *arena, SECItem **subTree,
}
if (first == NULL) {
first = current;
}
else {
} else {
current->l.prev = &(last->l);
last->l.next = &(current->l);
}
@ -816,8 +812,7 @@ CERT_CopyGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
destHead->l.prev = &temp->l;
dest->l.next = &temp->l;
dest = temp;
}
else {
} else {
dest = CERT_GetNextGeneralName(dest);
}
}
@ -889,11 +884,9 @@ cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2)
if (list1 == NULL) {
return list2;
}
else if (list2 == NULL) {
} else if (list2 == NULL) {
return list1;
}
else {
} else {
begin1 = &list1->l;
begin2 = &list2->l;
end1 = list1->l.prev;
@ -917,11 +910,9 @@ cert_CombineConstraintsLists(CERTNameConstraint *list1,
if (list1 == NULL) {
return list2;
}
else if (list2 == NULL) {
} else if (list2 == NULL) {
return list1;
}
else {
} else {
begin1 = &list1->l;
begin2 = &list2->l;
end1 = list1->l.prev;
@ -1548,16 +1539,14 @@ CERT_AddNameConstraintByGeneralName(PLArenaPool *arena,
if (first == NULL) {
*constraints = current;
PR_INIT_CLIST(&current->l);
}
else {
} else {
PR_INSERT_BEFORE(&current->l, &first->l);
}
done:
if (rv == SECFailure) {
PORT_ArenaRelease(arena, mark);
}
else {
} else {
PORT_ArenaUnmark(arena, mark);
}
return rv;
@ -1694,8 +1683,7 @@ CERT_FindNameConstraintsExten(PLArenaPool *arena, CERTCertificate *cert,
if (rv == SECFailure) {
PORT_ArenaRelease(arena, mark);
}
else {
} else {
PORT_ArenaUnmark(arena, mark);
}

9
security/nss/lib/certdb/polcyxtn.c
Просмотреть файл

@ -291,16 +291,14 @@ CERT_DecodePolicyConstraintsExtension(
if (decodeContext.explicitPolicySkipCerts.len == 0) {
*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1;
}
else {
} else {
*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data =
DER_GetInteger(&decodeContext.explicitPolicySkipCerts);
}
if (decodeContext.inhibitMappingSkipCerts.len == 0) {
*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1;
}
else {
} else {
*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data =
DER_GetInteger(&decodeContext.inhibitMappingSkipCerts);
}
@ -475,8 +473,7 @@ stringFromUserNotice(SECItem *noticeItem)
if (policystr != NULL) {
if (retstr != NULL) {
retstr = PR_sprintf_append(retstr, "\n%s", policystr);
}
else {
} else {
retstr = PR_sprintf_append(retstr, "%s", policystr);
}

12
security/nss/lib/certdb/secname.c
Просмотреть файл

@ -54,8 +54,7 @@ AddToArray(PLArenaPool *arena, void **array, void *element)
array =
(void **)PORT_ArenaGrow(arena, array, (count + 1) * sizeof(void *),
(count + 2) * sizeof(void *));
}
else {
} else {
array = (void **)PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
}
if (array) {
@ -346,8 +345,7 @@ CERT_CreateName(CERTRDN *rdn0, ...)
/* Count number of RDNs going into the Name */
if (!rdn0) {
count = 0;
}
else {
} else {
count = 1;
va_start(ap, rdn0);
while ((rdn = va_arg(ap, CERTRDN *)) != 0) {
@ -468,8 +466,7 @@ canonicalize(SECItem *foo)
ch = ' ';
if (ch == lastch)
continue;
}
else if (ch >= 'A' && ch <= 'Z') {
} else if (ch >= 'A' && ch <= 'Z') {
ch |= 0x20; /* downshift */
}
foo->data[dest++] = lastch = ch;
@ -522,8 +519,7 @@ CERT_CompareAVA(const CERTAVA *a, const CERTAVA *b)
}
SECITEM_FreeItem(aVal, PR_TRUE);
SECITEM_FreeItem(bVal, PR_TRUE);
}
else if (a->value.data[0] == 0x13) { /* both are printable strings. */
} else if (a->value.data[0] == 0x13) { /* both are printable strings. */
/* printable strings */
rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
}

51
security/nss/lib/certdb/stanpcertdb.c
Просмотреть файл

@ -93,8 +93,7 @@ CERT_GetCertTrust(const CERTCertificate *cert, CERTCertTrust *trust)
CERT_LockCertTrust(cert);
if (cert->trust == NULL) {
rv = SECFailure;
}
else {
} else {
*trust = *cert->trust;
rv = SECSuccess;
}
@ -359,8 +358,7 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
nssCertificate_Destroy(c);
PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
cc = NULL;
}
else {
} else {
cc = STAN_GetCERTCertificateOrRelease(c);
if (cc == NULL) {
CERT_MapStanError();
@ -384,8 +382,7 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
if (copyDER) {
nssItem_Create(c->object.arena, &c->encoding, derCert->len,
derCert->data);
}
else {
} else {
NSSITEM_FROM_SECITEM(&c->encoding, derCert);
}
/* Forces a decoding of the cert in order to obtain the parts used
@ -481,8 +478,7 @@ get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp)
NSSCertificate *arr[3];
if (!ct) {
return nssCertificate_AddRef(cp);
}
else if (!cp) {
} else if (!cp) {
return nssCertificate_AddRef(ct);
}
arr[0] = ct;
@ -565,8 +561,7 @@ CERT_FindCertByNickname(CERTCertDBHandle *handle, const char *nickname)
if (ct) {
CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
}
}
else {
} else {
c = ct;
}
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
@ -627,8 +622,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
if (anyUsage) {
cert = PK11_FindCertFromNickname(name, NULL);
}
else {
} else {
if (ct) {
/* Does ct really have the required usage? */
nssDecodedCert *dc;
@ -657,8 +651,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
if (ct) {
CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
}
}
else {
} else {
c = ct;
}
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
@ -693,8 +686,7 @@ add_to_subject_list(CERTCertList *certList, CERTCertificate *cert,
if (secrv != SECSuccess) {
CERT_DestroyCertificate(cert);
}
}
else {
} else {
CERT_DestroyCertificate(cert);
}
}
@ -776,8 +768,7 @@ CERT_DestroyCertificate(CERTCertificate *cert)
if (tmp) {
/* delete the NSSCertificate */
NSSCertificate_Destroy(tmp);
}
else if (cert->arena) {
} else if (cert->arena) {
PORT_FreeArena(cert->arena, PR_FALSE);
}
}
@ -821,8 +812,7 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime);
oldProfileTime = &oldproftime;
}
}
else {
} else {
oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr,
&cert->derSubject, &oldProfileTime);
freeOldProfile = PR_TRUE;
@ -833,23 +823,20 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
/* both profileTime and emailProfile have to exist or not exist */
if (emailProfile == NULL) {
profileTime = NULL;
}
else if (profileTime == NULL) {
} else if (profileTime == NULL) {
emailProfile = NULL;
}
if (oldProfileTime == NULL) {
saveit = PR_TRUE;
}
else {
} else {
/* there was already a profile for this email addr */
if (profileTime) {
/* we have an old and new profile - save whichever is more recent*/
if (oldProfileTime->len == 0) {
/* always replace if old entry doesn't have a time */
oldtime = LL_MININT;
}
else {
} else {
rv = DER_UTCTimeToTime(&oldtime, oldProfileTime);
if (rv != SECSuccess) {
goto loser;
@ -865,8 +852,7 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
/* this is a newer profile, save it and cert */
saveit = PR_TRUE;
}
}
else {
} else {
saveit = PR_TRUE;
}
}
@ -882,8 +868,7 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
arena, NULL, profileTime->len, profileTime->data);
stanProfile->profileData = nssItem_Create(
arena, NULL, emailProfile->len, emailProfile->data);
}
else if (profileTime && emailProfile) {
} else if (profileTime && emailProfile) {
PRStatus nssrv;
NSSItem profTime, profData;
NSSITEM_FROM_SECITEM(&profTime, profileTime);
@ -894,14 +879,12 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
nssrv = nssCryptoContext_ImportSMIMEProfile(cc, stanProfile);
rv = (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
}
}
else {
} else {
rv = PK11_SaveSMimeProfile(slot, (char *)emailAddr,
&cert->derSubject, emailProfile,
profileTime);
}
}
else {
} else {
rv = SECSuccess;
}

3
security/nss/lib/certdb/xauthkid.c
Просмотреть файл

@ -62,8 +62,7 @@ CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value,
PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
break;
}
}
else if (value->authCertSerialNumber.data) {
} else if (value->authCertSerialNumber.data) {
PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
break;
}

6
security/nss/lib/certdb/xbsconst.c
Просмотреть файл

@ -126,16 +126,14 @@ CERT_DecodeBasicConstraintValue(CERTBasicConstraints *value,
*/
if (value->isCA)
value->pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
}
else if (value->isCA) {
} else if (value->isCA) {
long len = DER_GetInteger(&decodeContext.pathLenConstraint);
if (len < 0 || len == LONG_MAX) {
PORT_SetError(SEC_ERROR_BAD_DER);
GEN_BREAK(SECFailure);
}
value->pathLenConstraint = len;
}
else {
} else {
/* here we get an error where the subject is not a CA, but
the pathLenConstraint is set */
PORT_SetError(SEC_ERROR_BAD_DER);

15
security/nss/lib/certhigh/certhigh.c
Просмотреть файл

@ -40,8 +40,7 @@ CERT_MatchNickname(char *name1, char *name2)
if (token1) {
nickname1 = token1;
nickname2 = name2;
}
else {
} else {
nickname1 = token2;
nickname2 = name1;
}
@ -167,8 +166,7 @@ CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
freenode = node;
node = CERT_LIST_NEXT(node);
CERT_RemoveCertListNode(freenode);
}
else {
} else {
/* keep the first cert for each nickname, but set the
* flag so we know to delete any others with the same
* nickname.
@ -908,8 +906,7 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
trust.sslFlags = CERTDB_VALID_CA;
trust.emailFlags = CERTDB_VALID_CA;
trust.objectSigningFlags = CERTDB_VALID_CA;
}
else {
} else {
/* SSL ca's must have the ssl bit set */
if ((certUsage == certUsageSSLCA) &&
((certtype & NS_CERT_TYPE_SSL_CA) != NS_CERT_TYPE_SSL_CA)) {
@ -959,8 +956,7 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
if (nickname) {
PORT_Free(nickname);
}
}
else {
} else {
rv = SECSuccess;
}
@ -1093,8 +1089,7 @@ CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
}
if (!includeRoot && len > 1) {
chain->len = len - 1;
}
else {
} else {
chain->len = len;
}

274
security/nss/lib/certhigh/certvfy.c
Просмотреть файл

@ -61,12 +61,10 @@ checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key)
!(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
return SECFailure;
}
else {
} else {
return SECSuccess;
}
}
else {
} else {
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
return SECFailure;
}
@ -343,22 +341,19 @@ cert_AddToVerifyLog(CERTVerifyLog *log, CERTCertificate *cert, long error,
log->head = log->tail = node;
node->prev = NULL;
node->next = NULL;
}
else if (depth >= log->tail->depth) {
} else if (depth >= log->tail->depth) {
/* add to tail */
node->prev = log->tail;
log->tail->next = node;
log->tail = node;
node->next = NULL;
}
else if (depth < log->head->depth) {
} else if (depth < log->head->depth) {
/* add at head */
node->prev = NULL;
node->next = log->head;
log->head->prev = node;
log->head = node;
}
else {
} else {
/* add in middle */
tnode = log->tail;
while (tnode != NULL) {
@ -389,8 +384,7 @@ cert_AddToVerifyLog(CERTVerifyLog *log, CERTCertificate *cert, long error,
if (log != NULL) { \
cert_AddToVerifyLog(log, cert, PORT_GetError(), depth, \
(void *)(PRWord)arg); \
} \
else { \
} else { \
goto loser; \
}
@ -458,14 +452,14 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
PORT_Assert(0);
EXIT_IF_NOT_LOGGING(log);
/* XXX continuing with requiredFlags = 0 seems wrong. It'll
* cause the following test to be true incorrectly:
* flags = SEC_GET_TRUST_FLAGS(issuerCert->trust, trustType);
* if (( flags & requiredFlags ) == requiredFlags) {
* rv = rvFinal;
* goto done;
* }
* There are three other instances of this problem.
*/
* cause the following test to be true incorrectly:
* flags = SEC_GET_TRUST_FLAGS(issuerCert->trust, trustType);
* if (( flags & requiredFlags ) == requiredFlags) {
* rv = rvFinal;
* goto done;
* }
* There are three other instances of this problem.
*/
requiredFlags = 0;
trustType = trustSSL;
}
@ -475,8 +469,8 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
EXIT_IF_NOT_LOGGING(log);
requiredFlags = 0;
trustType = trustSSL; /* This used to be 0, but we need something
* that matches the enumeration type.
*/
* that matches the enumeration type.
*/
caCertType = 0;
}
@ -503,10 +497,10 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
PRBool validCAOverride = PR_FALSE;
/* Construct a list of names for the current and all previous
* certifcates (except leaf (EE) certs, root CAs, and self-issued
* intermediate CAs) to be verified against the name constraints
* extension of the issuer certificate.
*/
* certifcates (except leaf (EE) certs, root CAs, and self-issued
* intermediate CAs) to be verified against the name constraints
* extension of the issuer certificate.
*/
if (subjectCertIsSelfIssued == PR_FALSE) {
CERTGeneralName *subjectNameList;
int subjectNameListLen;
@ -565,8 +559,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
if (PORT_GetError() == SEC_ERROR_EXPIRED_CERTIFICATE) {
PORT_SetError(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
}
else {
} else {
if (PORT_GetError() !=
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
@ -577,13 +570,13 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
}
/* If the basicConstraint extension is included in an immediate CA
* certificate, make sure that the isCA flag is on. If the
* pathLenConstraint component exists, it must be greater than the
* number of CA certificates we have seen so far. If the extension
* is omitted, we will assume that this is a CA certificate with
* an unlimited pathLenConstraint (since it already passes the
* netscape-cert-type extension checking).
*/
* certificate, make sure that the isCA flag is on. If the
* pathLenConstraint component exists, it must be greater than the
* number of CA certificates we have seen so far. If the extension
* is omitted, we will assume that this is a CA certificate with
* an unlimited pathLenConstraint (since it already passes the
* netscape-cert-type extension checking).
*/
rv = CERT_FindBasicConstraintExten(issuerCert, &basicConstraint);
if (rv != SECSuccess) {
@ -593,8 +586,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
pathLengthLimit = CERT_UNLIMITED_PATH_CONSTRAINT;
/* no basic constraints found, we aren't (yet) a CA. */
isca = PR_FALSE;
}
else {
} else {
if (basicConstraint.isCA == PR_FALSE) {
PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
@ -620,8 +612,8 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
}
/* XXX - the error logging may need to go down into CRL stuff at some
* point
*/
* point
*/
/* check revoked list (issuer) */
rv = SEC_CheckCRL(handle, subjectCert, issuerCert, t, wincx);
if (rv == SECFailure) {
@ -629,8 +621,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
*revoked = PR_TRUE;
}
LOG_ERROR_OR_EXIT(log, subjectCert, count, 0);
}
else if (rv == SECWouldBlock) {
} else if (rv == SECWouldBlock) {
/* We found something fishy, so we intend to issue an
* error to the user, but the user may wish to continue
* processing, in which case we better make sure nothing
@ -644,26 +635,24 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
if (CERT_GetCertTrust(issuerCert, &issuerTrust) == SECSuccess) {
/* we have some trust info, but this does NOT imply that this
* cert is actually trusted for any purpose. The cert may be
* explicitly UNtrusted. We won't know until we examine the
* trust bits.
*/
* cert is actually trusted for any purpose. The cert may be
* explicitly UNtrusted. We won't know until we examine the
* trust bits.
*/
unsigned int flags;
if (certUsage != certUsageAnyCA &&
certUsage != certUsageStatusResponder) {
/*
* XXX This choice of trustType seems arbitrary.
*/
* XXX This choice of trustType seems arbitrary.
*/
if (certUsage == certUsageVerifyCA) {
if (subjectCert->nsCertType & NS_CERT_TYPE_EMAIL_CA) {
trustType = trustEmail;
}
else if (subjectCert->nsCertType & NS_CERT_TYPE_SSL_CA) {
} else if (subjectCert->nsCertType & NS_CERT_TYPE_SSL_CA) {
trustType = trustSSL;
}
else {
} else {
trustType = trustObjectSigning;
}
}
@ -681,12 +670,11 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
if ((flags & CERTDB_TERMINAL_RECORD) &&
((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
/* untrusted -- the cert is explicitly untrusted, not
* just that it doesn't chain to a trusted cert */
* just that it doesn't chain to a trusted cert */
PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, flags);
}
}
else {
} else {
/* Check if we have any valid trust when cheching for
* certUsageAnyCA or certUsageStatusResponder. */
for (trustType = trustSSL; trustType < trustTypeNone;
@ -700,9 +688,9 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
validCAOverride = PR_TRUE;
}
/* We have 2 separate loops because we want any single trust
* bit to allow this usage to return trusted. Only if none of
* the trust bits are on do we check to see if the cert is
* untrusted */
* bit to allow this usage to return trusted. Only if none of
* the trust bits are on do we check to see if the cert is
* untrusted */
for (trustType = trustSSL; trustType < trustTypeNone;
trustType++) {
flags = SEC_GET_TRUST_FLAGS(&issuerTrust, trustType);
@ -710,7 +698,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
if ((flags & CERTDB_TERMINAL_RECORD) &&
((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
/* untrusted -- the cert is explicitly untrusted, not
* just that it doesn't chain to a trusted cert */
* just that it doesn't chain to a trusted cert */
PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, flags);
}
@ -720,14 +708,14 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
if (!validCAOverride) {
/*
* Make sure that if this is an intermediate CA in the chain that
* it was given permission by its signer to be a CA.
*/
* Make sure that if this is an intermediate CA in the chain that
* it was given permission by its signer to be a CA.
*/
/*
* if basicConstraints says it is a ca, then we check the
* nsCertType. If the nsCertType has any CA bits set, then
* it must have the right one.
*/
* if basicConstraints says it is a ca, then we check the
* nsCertType. If the nsCertType has any CA bits set, then
* it must have the right one.
*/
if (!isca || (issuerCert->nsCertType & NS_CERT_TYPE_CA)) {
isca = (issuerCert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE;
}
@ -745,17 +733,17 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
}
/* make sure that the issuer is not self signed. If it is, then
* stop here to prevent looping.
*/
* stop here to prevent looping.
*/
if (issuerCert->isRoot) {
PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
LOG_ERROR(log, issuerCert, count + 1, 0);
goto loser;
}
/* The issuer cert will be the subject cert in the next loop.
* A cert is self-issued if its subject and issuer are equal and
* both are of non-zero length.
*/
* A cert is self-issued if its subject and issuer are equal and
* both are of non-zero length.
*/
subjectCertIsSelfIssued = (PRBool)
SECITEM_ItemsAreEqual(&issuerCert->derIssuer,
&issuerCert->derSubject) &&
@ -763,8 +751,8 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
0;
if (subjectCertIsSelfIssued == PR_FALSE) {
/* RFC 3280 says only non-self-issued intermediate CA certs
* count in path length.
*/
* count in path length.
*/
++currentPathLen;
}
@ -871,8 +859,8 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
EXIT_IF_NOT_LOGGING(log);
requiredFlags = 0;
trustType = trustSSL; /* This used to be 0, but we need something
* that matches the enumeration type.
*/
* that matches the enumeration type.
*/
caCertType = 0;
}
@ -892,8 +880,7 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
}
/* no basic constraints found, we aren't (yet) a CA. */
isca = PR_FALSE;
}
else {
} else {
if (basicConstraint.isCA == PR_FALSE) {
PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
LOG_ERROR_OR_EXIT(log, cert, 0, 0);
@ -905,10 +892,10 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
if (CERT_GetCertTrust(cert, &certTrust) == SECSuccess) {
/* we have some trust info, but this does NOT imply that this
* cert is actually trusted for any purpose. The cert may be
* explicitly UNtrusted. We won't know until we examine the
* trust bits.
*/
* cert is actually trusted for any purpose. The cert may be
* explicitly UNtrusted. We won't know until we examine the
* trust bits.
*/
if (certUsage == certUsageStatusResponder) {
/* Check the special case of certUsageStatusResponder */
issuerCert = CERT_FindCertIssuer(cert, t, certUsage);
@ -922,16 +909,16 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
CERT_DestroyCertificate(issuerCert);
}
/* XXX We have NOT determined that this cert is trusted.
* For years, NSS has treated this as trusted,
* but it seems incorrect.
*/
* For years, NSS has treated this as trusted,
* but it seems incorrect.
*/
rv = rvFinal;
goto done;
}
/*
* check the trust params of the issuer
*/
* check the trust params of the issuer
*/
flags = SEC_GET_TRUST_FLAGS(&certTrust, trustType);
if ((flags & requiredFlags) == requiredFlags) {
/* we found a trusted one, so return */
@ -945,21 +932,21 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
if ((flags & CERTDB_TERMINAL_RECORD) &&
((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
/* untrusted -- the cert is explicitly untrusted, not
* just that it doesn't chain to a trusted cert */
* just that it doesn't chain to a trusted cert */
PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
LOG_ERROR_OR_EXIT(log, cert, 0, flags);
}
}
if (!validCAOverride) {
/*
* Make sure that if this is an intermediate CA in the chain that
* it was given permission by its signer to be a CA.
*/
* Make sure that if this is an intermediate CA in the chain that
* it was given permission by its signer to be a CA.
*/
/*
* if basicConstraints says it is a ca, then we check the
* nsCertType. If the nsCertType has any CA bits set, then
* it must have the right one.
*/
* if basicConstraints says it is a ca, then we check the
* nsCertType. If the nsCertType has any CA bits set, then
* it must have the right one.
*/
if (!isca || (cert->nsCertType & NS_CERT_TYPE_CA)) {
isca = (cert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE;
}
@ -1041,12 +1028,11 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
/* is the cert directly trusted or not trusted ? */
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
* authoritative */
* authoritative */
if (flags & CERTDB_TRUSTED) { /* trust this cert */
*trusted = PR_TRUE;
return SECSuccess;
}
else { /* don't trust this cert */
} else { /* don't trust this cert */
*failedFlags = flags;
return SECFailure;
}
@ -1056,7 +1042,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
/* XXX - step up certs can't be directly trusted, only distrust */
flags = trust.sslFlags;
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
* authoritative */
* authoritative */
if ((flags & CERTDB_TRUSTED) == 0) {
/* don't trust this cert */
*failedFlags = flags;
@ -1067,7 +1053,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
case certUsageSSLCA:
flags = trust.sslFlags;
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
* authoritative */
* authoritative */
if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
/* don't trust this cert */
*failedFlags = flags;
@ -1079,12 +1065,11 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
case certUsageEmailRecipient:
flags = trust.emailFlags;
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
* authoritative */
* authoritative */
if (flags & CERTDB_TRUSTED) { /* trust this cert */
*trusted = PR_TRUE;
return SECSuccess;
}
else { /* don't trust this cert */
} else { /* don't trust this cert */
*failedFlags = flags;
return SECFailure;
}
@ -1095,12 +1080,11 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
flags = trust.objectSigningFlags;
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
* authoritative */
* authoritative */
if (flags & CERTDB_TRUSTED) { /* trust this cert */
*trusted = PR_TRUE;
return SECSuccess;
}
else { /* don't trust this cert */
} else { /* don't trust this cert */
*failedFlags = flags;
return SECFailure;
}
@ -1135,7 +1119,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
/* do we distrust these certs explicitly */
flags = trust.sslFlags;
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
* authoritative */
* authoritative */
if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
*failedFlags = flags;
return SECFailure;
@ -1143,7 +1127,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
}
flags = trust.emailFlags;
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
* authoritative */
* authoritative */
if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
*failedFlags = flags;
return SECFailure;
@ -1153,7 +1137,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
case certUsageProtectedObjectSigner:
flags = trust.objectSigningFlags;
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
* authoritative */
* authoritative */
if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
*failedFlags = flags;
return SECFailure;
@ -1207,8 +1191,7 @@ CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
if (returnedUsages) {
*returnedUsages = 0;
}
else {
} else {
/* we don't have a place to return status for all usages,
so we can skip checks for usages that aren't required */
checkAllUsages = PR_FALSE;
@ -1293,8 +1276,7 @@ CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
}
LOG_ERROR(log, cert, 0, flags);
INVALID_USAGE();
}
else if (trusted) {
} else if (trusted) {
VALID_USAGE();
}
@ -1434,8 +1416,7 @@ cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert,
if (rv == SECFailure) {
PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
LOG_ERROR_OR_EXIT(log, cert, 0, failedFlags);
}
else if (trusted) {
} else if (trusted) {
goto done;
}
@ -1502,12 +1483,12 @@ CERT_VerifyCertNow(CERTCertDBHandle *handle, CERTCertificate *cert,
/* [ FROM pcertdb.c ] */
/*
* Supported usage values and types:
* certUsageSSLClient
* certUsageSSLServer
* certUsageSSLServerWithStepUp
* certUsageEmailSigner
* certUsageEmailRecipient
* certUsageObjectSigner
* certUsageSSLClient
* certUsageSSLServer
* certUsageSSLServerWithStepUp
* certUsageEmailSigner
* certUsageEmailRecipient
* certUsageObjectSigner
*/
CERTCertificate *
@ -1561,16 +1542,15 @@ CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
if (CERT_GetCertTrust(cert, &certTrust) != SECSuccess) {
flags = 0;
}
else {
} else {
flags = SEC_GET_TRUST_FLAGS(&certTrust, requiredTrustType);
}
if ((flags & requiredTrustFlags) != requiredTrustFlags) {
/* cert is not trusted */
/* if this is the first cert to get this far, then save
* it, so we can use it if we can't find a trusted one
*/
* it, so we can use it if we can't find a trusted one
*/
if (saveUntrustedCA == NULL) {
saveUntrustedCA = cert;
}
@ -1614,11 +1594,11 @@ loser:
* Filter a list of certificates, removing those certs that do not have
* one of the named CA certs somewhere in their cert chain.
*
* "certList" - the list of certificates to filter
* "nCANames" - number of CA names
* "caNames" - array of CA names in string(rfc 1485) form
* "usage" - what use the certs are for, this is used when
* selecting CA certs
* "certList" - the list of certificates to filter
* "nCANames" - number of CA names
* "caNames" - array of CA names in string(rfc 1485) form
* "usage" - what use the certs are for, this is used when
* selecting CA certs
*/
SECStatus
CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
@ -1683,8 +1663,7 @@ CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
freenode = node;
node = CERT_LIST_NEXT(node);
CERT_RemoveCertListNode(freenode);
}
else {
} else {
/* CA was found, so leave it in the list */
node = CERT_LIST_NEXT(node);
}
@ -1699,12 +1678,12 @@ CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
* certificate.
*
* "arena" - arena to allocate returned string from. If NULL, then heap
* is used.
* is used.
* "cert" - the cert to get nickname from
* "expiredString" - the string to append to the nickname if the cert is
* expired.
* expired.
* "notYetGoodString" - the string to append to the nickname if the cert is
* not yet good.
* not yet good.
*/
char *
CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
@ -1719,30 +1698,26 @@ CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
if (validity == secCertTimeValid) {
if (arena == NULL) {
nickname = PORT_Strdup(cert->nickname);
}
else {
} else {
nickname = PORT_ArenaStrdup(arena, cert->nickname);
}
if (nickname == NULL) {
goto loser;
}
}
else {
} else {
/* if the cert is not valid, then tack one of the strings on the
* end
*/
* end
*/
if (validity == secCertTimeExpired) {
tmpstr = PR_smprintf("%s%s", cert->nickname,
expiredString);
}
else if (validity == secCertTimeNotValidYet) {
} else if (validity == secCertTimeNotValidYet) {
/* not yet valid */
tmpstr = PR_smprintf("%s%s", cert->nickname,
notYetGoodString);
}
else {
} else {
/* undetermined */
tmpstr = PR_smprintf("%s",
"(NULL) (Validity Unknown)");
@ -1756,8 +1731,7 @@ CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
/* copy the string into the arena and free the malloc'd one */
nickname = PORT_ArenaStrdup(arena, tmpstr);
PORT_Free(tmpstr);
}
else {
} else {
nickname = tmpstr;
}
if (nickname == NULL) {
@ -1777,7 +1751,7 @@ loser:
* "certList" - the list of certificates
* "expiredString" - the string to append to the nickname of any expired cert
* "notYetGoodString" - the string to append to the nickname of any cert
* that is not yet valid
* that is not yet valid
*/
CERTCertNicknames *
CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString,
@ -1859,10 +1833,10 @@ loser:
* expiredString or notYetGoodString appended.
*
* Args:
* "namestring" - the string containing the nickname, and possibly
* one of the validity label strings
* "expiredString" - the expired validity label string
* "notYetGoodString" - the not yet good validity label string
* "namestring" - the string containing the nickname, and possibly
* one of the validity label strings
* "expiredString" - the expired validity label string
* "notYetGoodString" - the not yet good validity label string
*
* Returns the raw nickname
*/

25
security/nss/lib/certhigh/certvfypkix.c
Просмотреть файл

@ -696,8 +696,7 @@ cleanup:
if (PKIX_ERROR_RECEIVED) {
if (validChain) {
CERT_DestroyCertList(validChain);
}
else if (arena) {
} else if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
if (nssCert) {
@ -838,8 +837,7 @@ cert_PkixErrorToNssCode(
PORT_Assert(nssErr);
if (!nssErr) {
*pNssErr = SEC_ERROR_LIBPKIX_INTERNAL;
}
else {
} else {
*pNssErr = nssErr;
}
@ -898,8 +896,7 @@ cert_GetLogFromVerifyNode(
}
}
PKIX_RETURN(CERTVFYPKIX);
}
else {
} else {
PRUint32 i = 0;
PKIX_UInt32 length = 0;
@ -1137,9 +1134,8 @@ cert_VerifyCertChainPkix(
fnStackNameArr[0] = "cert_VerifyCertChainPkix";
fnStackInvCountArr[0] = 0;
PKIX_Boolean abortOnLeak =
(PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
PKIX_FALSE
: PKIX_TRUE;
(PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? PKIX_FALSE
: PKIX_TRUE;
runningLeakTest = PKIX_TRUE;
/* Prevent multi-threaded run of object leak test */
@ -1501,8 +1497,7 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
errCode = SEC_ERROR_INVALID_TIME;
break;
}
}
else {
} else {
error = pkix_pl_Date_CreateFromPRTime(param->value.scalar.time,
&date, plContext);
if (error != NULL) {
@ -2019,9 +2014,8 @@ CERT_PKIXVerifyCert(
fnStackNameArr[0] = "CERT_PKIXVerifyCert";
fnStackInvCountArr[0] = 0;
PKIX_Boolean abortOnLeak =
(PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
PKIX_FALSE
: PKIX_TRUE;
(PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? PKIX_FALSE
: PKIX_TRUE;
runningLeakTest = PKIX_TRUE;
/* Prevent multi-threaded run of object leak test */
@ -2149,8 +2143,7 @@ CERT_PKIXVerifyCert(
if (trustAnchorCert != NULL) {
oparam->value.pointer.cert =
cert_NSSCertFromPKIXCert(trustAnchorCert);
}
else {
} else {
oparam->value.pointer.cert = NULL;
}
}

6
security/nss/lib/certhigh/crlv2.c
Просмотреть файл

@ -80,16 +80,14 @@ CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl,
rv = SEC_QuickDERDecodeItem(arena, value,
SEC_ASN1_GET(SEC_IntegerTemplate),
tmpItem);
}
else {
} else {
rv = SECFailure;
}
PORT_Free(encodedExtenValue.data);
if (rv == SECFailure) {
PORT_ArenaRelease(arena, mark);
}
else {
} else {
PORT_ArenaUnmark(arena, mark);
}
return (rv);

133
security/nss/lib/certhigh/ocsp.c
Просмотреть файл

@ -206,8 +206,7 @@ printHexString(const char *prefix, SECItem *hexval)
for (i = 0; i < hexval->len; i++) {
if (i != hexval->len - 1) {
hexbuf = PR_sprintf_append(hexbuf, "%02x:", hexval->data[i]);
}
else {
} else {
hexbuf = PR_sprintf_append(hexbuf, "%02x", hexval->data[i]);
}
}
@ -358,8 +357,7 @@ ocsp_CopyRevokedInfo(PLArenaPool *arena, ocspCertStatus *dest,
if (!dest->certStatusInfo.revokedInfo->revocationReason) {
goto loser;
}
}
else {
} else {
dest->certStatusInfo.revokedInfo->revocationReason = NULL;
}
@ -461,15 +459,13 @@ ocsp_RemoveCacheItemFromLinkedList(OCSPCacheData *cache, OCSPCacheItem *item)
PORT_Assert(item->moreRecent->lessRecent == item);
cache->LRUitem = item->moreRecent;
cache->LRUitem->lessRecent = NULL;
}
else if (item == cache->MRUitem) {
} else if (item == cache->MRUitem) {
PORT_Assert(item->moreRecent == NULL);
PORT_Assert(item->lessRecent != NULL);
PORT_Assert(item->lessRecent->moreRecent == item);
cache->MRUitem = item->lessRecent;
cache->MRUitem->moreRecent = NULL;
}
else {
} else {
/* remove an entry in the middle of the list */
PORT_Assert(item->moreRecent != NULL);
PORT_Assert(item->lessRecent != NULL);
@ -682,8 +678,7 @@ ocsp_SetCacheItemResponse(OCSPCacheItem *item,
rv = DER_GeneralizedTimeToTime(&item->nextUpdate,
response->nextUpdate);
item->haveNextUpdate = (rv == SECSuccess);
}
else {
} else {
item->haveNextUpdate = PR_FALSE;
}
}
@ -711,8 +706,7 @@ ocsp_FreshenCacheItemNextFetchAttemptTime(OCSPCacheItem *cacheItem)
MICROSECONDS_PER_SECOND;
OCSP_TRACE_TIME("latestTimeWhenResponseIsConsideredFresh:",
latestTimeWhenResponseIsConsideredFresh);
}
else {
} else {
latestTimeWhenResponseIsConsideredFresh = now +
OCSP_Global.minimumSecondsToNextFetchAttempt *
MICROSECONDS_PER_SECOND;
@ -820,8 +814,7 @@ ocsp_CreateOrUpdateCacheEntry(OCSPCacheData *cache,
if (certIDWasConsumed) {
myCertID = certID;
*certIDWasConsumed = PR_TRUE;
}
else {
} else {
myCertID = cert_DupOCSPCertID(certID);
if (!myCertID) {
PR_ExitMonitor(OCSP_Global.monitor);
@ -849,13 +842,11 @@ ocsp_CreateOrUpdateCacheEntry(OCSPCacheData *cache,
PR_ExitMonitor(OCSP_Global.monitor);
return rv;
}
}
else {
} else {
OCSP_TRACE(("Not caching response because the response is not "
"newer than the cache"));
}
}
else {
} else {
cacheItem->missingResponseError = PORT_GetError();
if (cacheItem->certStatusArena) {
PORT_FreeArena(cacheItem->certStatusArena, PR_FALSE);
@ -902,11 +893,9 @@ CERT_OCSPCacheSettings(PRInt32 maxCacheEntries,
if (maxCacheEntries < 0) {
OCSP_Global.maxCacheEntries = -1; /* disable cache */
}
else if (maxCacheEntries == 0) {
} else if (maxCacheEntries == 0) {
OCSP_Global.maxCacheEntries = 0; /* unlimited cache entries */
}
else {
} else {
OCSP_Global.maxCacheEntries = maxCacheEntries;
}
@ -964,8 +953,7 @@ OCSP_InitGlobal(void)
OCSP_Global.cache.numberOfEntries = 0;
OCSP_Global.cache.MRUitem = NULL;
OCSP_Global.cache.LRUitem = NULL;
}
else {
} else {
/*
* NSS might call this function twice while attempting to init.
* But it's not allowed to call this again after any activity.
@ -1623,8 +1611,7 @@ ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
goto loser;
}
digestBuff = result->data;
}
else {
} else {
if (fill->len < digestObject->length) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
goto loser;
@ -1649,8 +1636,7 @@ ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
loser:
if (arena != NULL) {
PORT_ArenaRelease(arena, mark);
}
else {
} else {
if (result != NULL) {
SECITEM_FreeItem(result, (fill == NULL) ? PR_TRUE : PR_FALSE);
}
@ -2909,8 +2895,7 @@ ocsp_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath)
goto loser;
PORT_Memcpy(path, save, len);
path[len] = '\0';
}
else {
} else {
path = PORT_Strdup("/");
if (path == NULL)
goto loser;
@ -2975,8 +2960,7 @@ ocsp_ConnectToHost(const char *host, PRUint16 port)
} while (PR_Connect(sock, &addr, timeout) != PR_SUCCESS);
PORT_Free(netdbbuf);
}
else {
} else {
/*
* First put the port into the address, then connect.
*/
@ -3054,8 +3038,7 @@ ocsp_SendEncodedRequest(const char *location, const SECItem *encodedRequest)
*/
if (PR_Write(sock, header, (PRInt32)PORT_Strlen(header)) < 0)
goto loser;
}
else {
} else {
header = PR_smprintf("POST %s HTTP/1.0\r\n"
"Host: %s%s\r\n"
"Content-Type: application/ocsp-request\r\n"
@ -3111,8 +3094,7 @@ ocsp_read(PRFileDesc *fd, char *buf, int toread, PRIntervalTime timeout)
total = -1; /* report the error if we didn't read anything yet */
}
break;
}
else if (got == 0) { /* EOS */
} else if (got == 0) { /* EOS */
break;
}
@ -3188,8 +3170,7 @@ ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock)
EOS or there was a read error */
EOS = PR_TRUE;
}
}
else {
} else {
/* recv error or EOS */
EOS = PR_TRUE;
}
@ -3260,15 +3241,13 @@ ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock)
if (0 == PORT_Strcasecmp(nextHeader, "content-type")) {
contenttype = value;
}
else if (0 == PORT_Strcasecmp(nextHeader, "content-length")) {
} else if (0 == PORT_Strcasecmp(nextHeader, "content-length")) {
contentlength = atoi(value);
}
if (thisHeaderEnd) {
nextHeader = thisHeaderEnd + CRLFlen;
}
else {
} else {
nextHeader = NULL;
}
@ -3308,8 +3287,7 @@ ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock)
EOS or there was a read error */
EOS = PR_TRUE;
}
}
else {
} else {
/* recv error or EOS */
EOS = PR_TRUE;
}
@ -3643,11 +3621,9 @@ ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
if (!strcmp(method, "GET")) {
encodedResponse = cert_GetOCSPResponse(arena, location, encodedRequest);
}
else if (!strcmp(method, "POST")) {
} else if (!strcmp(method, "POST")) {
encodedResponse = CERT_PostOCSPRequest(arena, location, encodedRequest);
}
else {
} else {
goto loser;
}
@ -3711,8 +3687,7 @@ cert_GetOCSPResponse(PLArenaPool *arena, const char *location,
*/
if (arena) {
fullGetPath = (char *)PORT_ArenaAlloc(arena, getURLLength);
}
else {
} else {
fullGetPath = (char *)PORT_Alloc(getURLLength);
}
if (!fullGetPath) {
@ -3757,8 +3732,7 @@ cert_FetchOCSPResponse(PLArenaPool *arena, const char *location,
&registeredHttpClient->fcnTable.ftable1,
location,
encodedRequest);
}
else {
} else {
/* use internal http client */
PRFileDesc *sock = ocsp_SendEncodedRequest(location, encodedRequest);
if (sock) {
@ -3968,14 +3942,12 @@ ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
if (rv != SECSuccess) {
if (PORT_GetError() == SEC_ERROR_BAD_DER)
PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
}
else {
} else {
signerCert = CERT_FindCertByName(handle, &encodedName);
}
PORT_FreeArena(arena, PR_FALSE);
}
}
else {
} else {
/*
* The signer is either 1) a known issuer CA we passed in,
* 2) the default OCSP responder, or 3) an intermediate CA
@ -3986,8 +3958,7 @@ ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
ocsp_CertGetDefaultResponder(handle, NULL);
if (responder && ocsp_matchcert(certIndex, responder)) {
signerCert = CERT_DupCertificate(responder);
}
else if (issuer && ocsp_matchcert(certIndex, issuer)) {
} else if (issuer && ocsp_matchcert(certIndex, issuer)) {
signerCert = CERT_DupCertificate(issuer);
}
for (i = 0; (signerCert == NULL) && (i < certCount); i++) {
@ -4111,8 +4082,7 @@ CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
if (signature->status == SECSuccess) {
if (pSignerCert != NULL)
*pSignerCert = CERT_DupCertificate(signature->cert);
}
else {
} else {
PORT_SetError(signature->failureReason);
}
return signature->status;
@ -4153,13 +4123,11 @@ CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
*/
if (ocsp_CertIsOCSPDefaultResponder(handle, signerCert)) {
rv = SECSuccess;
}
else {
} else {
SECCertUsage certUsage;
if (CERT_IsCACert(signerCert, NULL)) {
certUsage = certUsageAnyCA;
}
else {
} else {
certUsage = certUsageStatusResponder;
}
rv = cert_VerifyCertWithFlags(handle, signerCert, PR_TRUE, certUsage,
@ -4183,8 +4151,7 @@ finish:
signature->failureReason = PORT_GetError();
if (signerCert != NULL)
CERT_DestroyCertificate(signerCert);
}
else {
} else {
/*
* Save signer's certificate in signature.
*/
@ -4672,8 +4639,7 @@ ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single,
LL_ADD(tmp, tmp, nextUpdate);
if (LL_CMP(tmp, <, now) || LL_CMP(producedAt, >, nextUpdate))
return ocsp_HandleOldSingleResponse(single, now);
}
else if (ocsp_TimeIsRecent(thisUpdate) != PR_TRUE) {
} else if (ocsp_TimeIsRecent(thisUpdate) != PR_TRUE) {
return ocsp_HandleOldSingleResponse(single, now);
}
@ -4955,8 +4921,7 @@ ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID,
if (*rvOcsp != SECSuccess) {
*missingResponseError = PORT_GetError();
}
}
else {
} else {
/*
* No status cached, the previous attempt failed.
* If OCSP is required, we never decide based on a failed attempt
@ -5078,10 +5043,9 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
if (ocsp_FetchingFailureIsVerificationFailure()) {
PORT_SetError(err);
rvOcsp = SECFailure;
}
else if (cachedResponseFreshness == ocspStale &&
(cachedErrorCode == SEC_ERROR_OCSP_UNKNOWN_CERT ||
cachedErrorCode == SEC_ERROR_REVOKED_CERTIFICATE)) {
} else if (cachedResponseFreshness == ocspStale &&
(cachedErrorCode == SEC_ERROR_OCSP_UNKNOWN_CERT ||
cachedErrorCode == SEC_ERROR_REVOKED_CERTIFICATE)) {
/* If we couldn't get a response for a certificate that the OCSP
* responder previously told us was bad, then assume it is still
* bad until we hear otherwise, as it is very unlikely that the
@ -5091,8 +5055,7 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
*/
PORT_SetError(cachedErrorCode);
rvOcsp = SECFailure;
}
else {
} else {
rvOcsp = SECSuccess;
}
}
@ -5267,8 +5230,7 @@ ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
PR_EnterMonitor(OCSP_Global.monitor);
if (OCSP_Global.forcePost) {
currentStage = stagePOST;
}
else {
} else {
currentStage = stageGET;
}
PR_ExitMonitor(OCSP_Global.monitor);
@ -5327,8 +5289,7 @@ ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
if (currentStage == stageGET) {
method = "GET";
}
else {
} else {
PORT_Assert(currentStage == stagePOST);
method = "POST";
}
@ -5363,18 +5324,15 @@ ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
if (validResponseWithAccurateInfo) {
ocsp_CacheSingleResponse(certID, singleResponse,
certIDWasConsumed);
}
else {
} else {
retry = PR_TRUE;
currentStage = stagePOST;
}
}
else {
} else {
/* cache the POST respone, regardless of status */
if (!singleResponse) {
cert_RememberOCSPProcessingFailure(certID, certIDWasConsumed);
}
else {
} else {
ocsp_CacheSingleResponse(certID, singleResponse,
certIDWasConsumed);
}
@ -5948,8 +5906,7 @@ CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
statusContext->defaultResponderCert = cert;
/*OCSP enabled, switching responder: clear cache*/
CERT_ClearOCSPCache();
}
else {
} else {
PORT_Assert(statusContext->useDefaultResponder == PR_FALSE);
CERT_DestroyCertificate(cert);
/*OCSP currently not enabled, no need to clear cache*/

6
security/nss/lib/certhigh/ocspsig.c
Просмотреть файл

@ -460,16 +460,14 @@ CERT_CreateEncodedOCSPSuccessResponse(
/* convert len-in-bytes to len-in-bits */
br->responseSignature.signature.len = br->responseSignature.signature.len << 3;
}
else {
} else {
rid->responderIDType = responderIDType;
if (responderIDType == ocspResponderID_byName) {
responderIDTemplate = ocsp_ResponderIDByNameTemplate;
if (CERT_CopyName(tmpArena, &rid->responderIDValue.name,
&responderCert->subject) != SECSuccess)
goto done;
}
else {
} else {
responderIDTemplate = ocsp_ResponderIDByKeyTemplate;
if (!CERT_GetSubjectPublicKeyDigest(tmpArena, responderCert,
SEC_OID_SHA1, &rid->responderIDValue.keyHash))

2
security/nss/lib/ckfw/builtins/anchor.c
Просмотреть файл

@ -13,5 +13,5 @@
#include "builtins.h"
#define MODULE_NAME builtins
#define INSTANCE_NAME (NSSCKMDInstance *) & nss_builtins_mdInstance
#define INSTANCE_NAME (NSSCKMDInstance *)&nss_builtins_mdInstance
#include "nssck.api"

6
security/nss/lib/ckfw/builtins/bfind.c
Просмотреть файл

@ -126,8 +126,7 @@ builtins_attrmatch(
if (PR_TRUE == prb) {
return CK_TRUE;
}
else {
} else {
return CK_FALSE;
}
}
@ -147,8 +146,7 @@ builtins_match(
if (o->types[j] == pTemplate[i].type) {
if (CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j])) {
return CK_FALSE;
}
else {
} else {
break;
}
}

2
security/nss/lib/ckfw/capi/anchor.c
Просмотреть файл

@ -13,5 +13,5 @@
#include "ckcapi.h"
#define MODULE_NAME ckcapi
#define INSTANCE_NAME (NSSCKMDInstance *) & nss_ckcapi_mdInstance
#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckcapi_mdInstance
#include "nssck.api"

45
security/nss/lib/ckfw/capi/cfind.c
Просмотреть файл

@ -109,8 +109,7 @@ ckcapi_attrmatch(
if (PR_TRUE == prb) {
return CK_TRUE;
}
else {
} else {
return CK_FALSE;
}
}
@ -135,25 +134,23 @@ ckcapi_match(
#define CKAPI_ITEM_CHUNK 20
#define PUT_Object(obj, err) \
{ \
if (count >= size) { \
*listp = *listp ? \
nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \
(size + \
CKAPI_ITEM_CHUNK)) \
: \
nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \
(size + \
CKAPI_ITEM_CHUNK)); \
if ((ckcapiInternalObject **)NULL == *listp) { \
err = CKR_HOST_MEMORY; \
goto loser; \
} \
size += CKAPI_ITEM_CHUNK; \
} \
(*listp)[count] = (obj); \
count++; \
#define PUT_Object(obj, err) \
{ \
if (count >= size) { \
*listp = *listp ? nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \
(size + \
CKAPI_ITEM_CHUNK)) \
: nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \
(size + \
CKAPI_ITEM_CHUNK)); \
if ((ckcapiInternalObject **)NULL == *listp) { \
err = CKR_HOST_MEMORY; \
goto loser; \
} \
size += CKAPI_ITEM_CHUNK; \
} \
(*listp)[count] = (obj); \
count++; \
}
/*
@ -338,8 +335,7 @@ collect_class(
1) != 0)) {
continue;
}
}
else {
} else {
int reason =
GetLastError();
/* we only care if it exists, we don't really need to fetch it yet */
@ -375,8 +371,7 @@ collect_class(
next->u.cert.certStore = storeStr;
PUT_Object(next, *pError);
next = NULL; /* need to allocate a new one now */
}
else {
} else {
/* don't cache the values we just loaded */
memset(&next->u.cert, 0, sizeof(next->u.cert));
}

39
security/nss/lib/ckfw/capi/cobject.c
Просмотреть файл

@ -471,8 +471,7 @@ nss_ckcapi_FetchKeyContainer(
if (!rc) {
goto loser;
}
}
else {
} else {
*hProv =
ko->hProv;
}
@ -684,8 +683,7 @@ ckcapi_PopulateModulusExponent(
{
if (ckcapiCert == io->type) {
ckcapi_CertPopulateModulusExponent(io);
}
else {
} else {
ckcapi_FetchPublicKey(io);
}
return;
@ -713,8 +711,7 @@ ckcapi_FetchLabel(
co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16);
if ((CHAR *)NULL == co->labelData) {
rv = 0;
}
else {
} else {
size = strlen(co->labelData);
}
}
@ -862,8 +859,7 @@ ckcapi_FetchHashKey(
{
if (ckcapiCert == io->type) {
ckcapi_CertFetchHashKey(io);
}
else {
} else {
ckcapi_KeyFetchHashKey(io);
}
return;
@ -1336,8 +1332,7 @@ ckcapi_mdObject_Destroy(
goto loser;
}
rc = CertDeleteCertificateFromStore(certContext);
}
else {
} else {
char *provName = NULL;
char *containerName = NULL;
HCRYPTPROV hProv;
@ -1353,8 +1348,7 @@ ckcapi_mdObject_Destroy(
containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName);
provType = provInfo->dwProvType;
nss_ZFreeIf(provInfo);
}
else {
} else {
provName = io->u.key.provName;
containerName = io->u.key.containerName;
provType = io->u.key.provInfo.dwProvType;
@ -1461,8 +1455,7 @@ ckcapi_mdObject_GetAttributeTypes(
}
if (io->type == ckcapiRaw) {
attrs = io->u.raw.types;
}
else
} else
switch (io->objClass) {
case CKO_CERTIFICATE:
attrs =
@ -1613,8 +1606,7 @@ nss_ckcapi_CreateMDObject(
nssHash_Lookup(ckcapiInternalObjectHash, key);
if (!old_o) {
nssHash_Add(ckcapiInternalObjectHash, key, io);
}
else if (old_o != io) {
} else if (old_o != io) {
nss_ckcapi_DestroyInternalObject(io);
io = old_o;
}
@ -1751,15 +1743,12 @@ nss_ckcapi_CreateCertificate(
}
/* does it look like a CA */
}
else if (ckcapi_cert_isCA(certContext)) {
} else if (ckcapi_cert_isCA(certContext)) {
storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root";
/* does it look like an S/MIME cert */
}
else if (ckcapi_cert_hasEmail(certContext)) {
} else if (ckcapi_cert_hasEmail(certContext)) {
storeStr = "AddressBook";
}
else {
} else {
/* just pick a store */
storeStr = "CA";
}
@ -2223,12 +2212,10 @@ nss_ckcapi_CreateObject(
if (objClass == CKO_CERTIFICATE) {
io = nss_ckcapi_CreateCertificate(fwSession, pTemplate,
ulAttributeCount, pError);
}
else if (objClass == CKO_PRIVATE_KEY) {
} else if (objClass == CKO_PRIVATE_KEY) {
io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate,
ulAttributeCount, pError);
}
else {
} else {
*pError = CKR_ATTRIBUTE_VALUE_INVALID;
}

2
security/nss/lib/ckfw/dbm/anchor.c
Просмотреть файл

@ -13,5 +13,5 @@
#include "ckdbm.h"
#define MODULE_NAME dbm
#define INSTANCE_NAME (NSSCKMDInstance *) & nss_dbm_mdInstance
#define INSTANCE_NAME (NSSCKMDInstance *)&nss_dbm_mdInstance
#include "nssck.api"

54
security/nss/lib/ckfw/dbm/db.c
Просмотреть файл

@ -94,8 +94,7 @@ nss_dbm_db_get_format_version(
(void)PR_sscanf(v.data, "%ld.%ld", &major, &minor);
rv.major = major;
rv.minor = minor;
}
else if (dbrv > 0) {
} else if (dbrv > 0) {
(void)PR_snprintf(buffer, sizeof(buffer), "%ld.%ld", nss_dbm_db_format_version.major,
nss_dbm_db_format_version.minor);
v.data = buffer;
@ -103,8 +102,7 @@ nss_dbm_db_get_format_version(
dbrv = db->db->put(db->db, &k, &v, 0);
(void)db->db->sync(db->db, 0);
rv = nss_dbm_db_format_version;
}
else {
} else {
/* No error return.. */
;
}
@ -177,12 +175,10 @@ nss_dbm_db_get_label(
if ((NSSUTF8 *)NULL == rv) {
*pError = CKR_HOST_MEMORY;
}
}
else if (dbrv > 0) {
} else if (dbrv > 0) {
/* Just return null */
;
}
else {
} else {
*pError = CKR_DEVICE_ERROR;
;
}
@ -256,11 +252,9 @@ nss_dbm_db_new_handle(
if (0 == rv) {
(void)memcpy(&align, v.data, sizeof(CK_ULONG));
id = ntohl(align);
}
else if (rv > 0) {
} else if (rv > 0) {
id = 0;
}
else {
} else {
goto done;
}
@ -762,8 +756,7 @@ nss_dbm_db_object_still_exists(
dbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
if (0 == dbrv) {
rv = CK_TRUE;
}
else {
} else {
rv = CK_FALSE;
}
@ -792,12 +785,10 @@ nss_dbm_db_get_object_attribute_count(
*pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
if (0 == *pdbrv) {
;
}
else if (*pdbrv > 0) {
} else if (*pdbrv > 0) {
*pError = CKR_OBJECT_HANDLE_INVALID;
goto done;
}
else {
} else {
*pError = CKR_DEVICE_ERROR;
goto done;
}
@ -834,12 +825,10 @@ nss_dbm_db_get_object_attribute_types(
*pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
if (0 == *pdbrv) {
;
}
else if (*pdbrv > 0) {
} else if (*pdbrv > 0) {
rv = CKR_OBJECT_HANDLE_INVALID;
goto done;
}
else {
} else {
rv = CKR_DEVICE_ERROR;
goto done;
}
@ -885,12 +874,10 @@ nss_dbm_db_get_object_attribute_size(
*pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
if (0 == *pdbrv) {
;
}
else if (*pdbrv > 0) {
} else if (*pdbrv > 0) {
*pError = CKR_OBJECT_HANDLE_INVALID;
goto done;
}
else {
} else {
*pError = CKR_DEVICE_ERROR;
goto done;
}
@ -900,8 +887,7 @@ nss_dbm_db_get_object_attribute_size(
for (i = 0; i < n; i++) {
if (type == ntohl(pulData[1 + i * 3])) {
rv = ntohl(pulData[2 + i *
3]);
rv = ntohl(pulData[2 + i * 3]);
}
}
@ -942,12 +928,10 @@ nss_dbm_db_get_object_attribute(
*pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
if (0 == *pdbrv) {
;
}
else if (*pdbrv > 0) {
} else if (*pdbrv > 0) {
*pError = CKR_OBJECT_HANDLE_INVALID;
goto done;
}
else {
} else {
*pError = CKR_DEVICE_ERROR;
goto done;
}
@ -1017,12 +1001,10 @@ nss_dbm_db_set_object_attribute(
*pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
if (0 == *pdbrv) {
;
}
else if (*pdbrv > 0) {
} else if (*pdbrv > 0) {
rv = CKR_OBJECT_HANDLE_INVALID;
goto done;
}
else {
} else {
rv = CKR_DEVICE_ERROR;
goto done;
}

3
security/nss/lib/ckfw/dbm/slot.c
Просмотреть файл

@ -75,8 +75,7 @@ nss_dbm_mdSlot_GetTokenPresent(
if ((nss_dbm_db_t *)NULL == slot->token_db) {
return CK_FALSE;
}
else {
} else {
return CK_TRUE;
}
}

3
security/nss/lib/ckfw/dbm/token.c
Просмотреть файл

@ -150,8 +150,7 @@ nss_dbm_mdToken_GetIsWriteProtected(
if (token->slot->flags & O_RDWR) {
return CK_FALSE;
}
else {
} else {
return CK_TRUE;
}
}

6
security/nss/lib/ckfw/find.c
Просмотреть файл

@ -270,8 +270,7 @@ nssCKFWFindObjects_Next(
fwFindObjects->mdToken, fwFindObjects->fwToken,
fwFindObjects->mdInstance, fwFindObjects->fwInstance);
fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL;
}
else {
} else {
goto wrap;
}
}
@ -296,8 +295,7 @@ nssCKFWFindObjects_Next(
fwFindObjects->mdToken, fwFindObjects->fwToken,
fwFindObjects->mdInstance, fwFindObjects->fwInstance);
fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL;
}
else {
} else {
goto wrap;
}
}

6
security/nss/lib/ckfw/hash.c
Просмотреть файл

@ -135,8 +135,7 @@ nssCKFWHash_Add(
he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
if (!he) {
error = CKR_HOST_MEMORY;
}
else {
} else {
hash->count++;
}
@ -211,8 +210,7 @@ nssCKFWHash_Exists(
if (!value) {
return CK_FALSE;
}
else {
} else {
return CK_TRUE;
}
}

21
security/nss/lib/ckfw/instance.c
Просмотреть файл

@ -190,13 +190,11 @@ nssCKFWInstance_Create(
fwInstance->pInitArgs = &fwInstance->initArgs;
if (pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS) {
fwInstance->mayCreatePthreads = CK_FALSE;
}
else {
} else {
fwInstance->mayCreatePthreads = CK_TRUE;
}
fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved);
}
else {
} else {
fwInstance->mayCreatePthreads = CK_TRUE;
}
@ -221,8 +219,7 @@ nssCKFWInstance_Create(
if (mdInstance->ModuleHandlesSessionObjects) {
fwInstance->moduleHandlesSessionObjects =
mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance);
}
else {
} else {
fwInstance->moduleHandlesSessionObjects = CK_FALSE;
}
@ -879,8 +876,7 @@ nssCKFWInstance_GetCryptokiVersion(
if (fwInstance->mdInstance->GetCryptokiVersion) {
fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion(
fwInstance->mdInstance, fwInstance);
}
else {
} else {
fwInstance->cryptokiVersion.major = 2;
fwInstance->cryptokiVersion.minor = 1;
}
@ -926,8 +922,7 @@ nssCKFWInstance_GetManufacturerID(
if ((!fwInstance->manufacturerID) && (CKR_OK != error)) {
goto done;
}
}
else {
} else {
fwInstance->manufacturerID = (NSSUTF8 *)"";
}
}
@ -992,8 +987,7 @@ nssCKFWInstance_GetLibraryDescription(
if ((!fwInstance->libraryDescription) && (CKR_OK != error)) {
goto done;
}
}
else {
} else {
fwInstance->libraryDescription = (NSSUTF8 *)"";
}
}
@ -1037,8 +1031,7 @@ nssCKFWInstance_GetLibraryVersion(
if (fwInstance->mdInstance->GetLibraryVersion) {
fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion(
fwInstance->mdInstance, fwInstance);
}
else {
} else {
fwInstance->libraryVersion.major = 0;
fwInstance->libraryVersion.minor = 3;
}

2
security/nss/lib/ckfw/nssmkey/manchor.c
Просмотреть файл

@ -13,5 +13,5 @@
#include "ckmk.h"
#define MODULE_NAME ckmk
#define INSTANCE_NAME (NSSCKMDInstance *) & nss_ckmk_mdInstance
#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckmk_mdInstance
#include "nssck.api"

42
security/nss/lib/ckfw/nssmkey/mfind.c
Просмотреть файл

@ -110,8 +110,7 @@ ckmk_attrmatch(
if (PR_TRUE == prb) {
return CK_TRUE;
}
else {
} else {
return CK_FALSE;
}
}
@ -136,25 +135,23 @@ ckmk_match(
#define CKMK_ITEM_CHUNK 20
#define PUT_OBJECT(obj, err, size, count, list) \
{ \
if (count >= size) { \
(list) = (list) ? \
nss_ZREALLOCARRAY(list, ckmkInternalObject *, \
((size) + \
CKMK_ITEM_CHUNK)) \
: \
nss_ZNEWARRAY(NULL, ckmkInternalObject *, \
((size) + \
CKMK_ITEM_CHUNK)); \
if ((ckmkInternalObject **)NULL == list) { \
err = CKR_HOST_MEMORY; \
goto loser; \
} \
(size) += CKMK_ITEM_CHUNK; \
} \
(list)[count] = (obj); \
count++; \
#define PUT_OBJECT(obj, err, size, count, list) \
{ \
if (count >= size) { \
(list) = (list) ? nss_ZREALLOCARRAY(list, ckmkInternalObject *, \
((size) + \
CKMK_ITEM_CHUNK)) \
: nss_ZNEWARRAY(NULL, ckmkInternalObject *, \
((size) + \
CKMK_ITEM_CHUNK)); \
if ((ckmkInternalObject **)NULL == list) { \
err = CKR_HOST_MEMORY; \
goto loser; \
} \
(size) += CKMK_ITEM_CHUNK; \
} \
(list)[count] = (obj); \
count++; \
}
/* find all the certs that represent the appropriate object (cert, priv key, or
@ -201,8 +198,7 @@ collect_class(
/* yes, put it on the list */
PUT_OBJECT(next, *pError, *sizep, count, *listp);
next = NULL; /* this one is on the list, need to allocate a new one now */
}
else {
} else {
/* no , release the current item and clear out the structure for reuse */
CFRelease(itemRef);
/* don't cache the values we just loaded */

23
security/nss/lib/ckfw/nssmkey/mobject.c
Просмотреть файл

@ -322,8 +322,7 @@ ckmk_encodeInt(NSSItem *dest, void *src, int srcLen)
data[0] = DER_INTEGER;
if (1 == lenLen) {
data[1] = dataLen;
}
else {
} else {
data[1] = 0x80 + lenLen;
for (i = 0; i < lenLen; i++) {
data[i + 1] = ((dataLen >> ((lenLen -
@ -505,7 +504,7 @@ loser:
#define CKMK_HANDLE_OPT_ITEM(func, io, type, loc, item, error, str) \
if (0 == (item)->loc.size) { \
(void) func(io, type, &(item)->loc, str); \
(void)func(io, type, &(item)->loc, str); \
} \
return &(item)->loc;
@ -528,8 +527,7 @@ ckmk_FetchHashKey(
if (io->objClass == CKO_CERTIFICATE) {
ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr,
PR_TRUE, key, "Fetching HashKey (cert)");
}
else {
} else {
ckmk_GetCommonAttribute(io, kSecKeyLabel,
PR_FALSE, key, "Fetching HashKey (key)");
}
@ -992,8 +990,7 @@ ckmk_mdObject_GetAttributeTypes(
}
if (io->type == ckmkRaw) {
attrs = io->u.raw.types;
}
else
} else
switch (io->objClass) {
case CKO_CERTIFICATE:
attrs =
@ -1184,8 +1181,7 @@ nss_ckmk_CreateMDObject(
nssHash_Lookup(ckmkInternalObjectHash, key);
if (!old_o) {
nssHash_Add(ckmkInternalObjectHash, key, io);
}
else if (old_o != io) {
} else if (old_o != io) {
nss_ckmk_DestroyInternalObject(io);
io = old_o;
}
@ -1785,8 +1781,7 @@ nss_ckmk_CreatePrivateKey(
if (nickname) {
ckmk_updateAttribute(itemRef, kSecKeyPrintName, nickname,
strlen(nickname) + 1, "Modify Key Label");
}
else {
} else {
#define DEFAULT_NICKNAME "NSS Imported Key"
ckmk_updateAttribute(itemRef, kSecKeyPrintName, DEFAULT_NICKNAME,
sizeof(DEFAULT_NICKNAME), "Modify Key Label");
@ -1852,12 +1847,10 @@ nss_ckmk_CreateObject(
if (objClass == CKO_CERTIFICATE) {
io = nss_ckmk_CreateCertificate(fwSession, pTemplate,
ulAttributeCount, pError);
}
else if (objClass == CKO_PRIVATE_KEY) {
} else if (objClass == CKO_PRIVATE_KEY) {
io = nss_ckmk_CreatePrivateKey(fwSession, pTemplate,
ulAttributeCount, pError);
}
else {
} else {
*pError = CKR_ATTRIBUTE_VALUE_INVALID;
}

15
security/nss/lib/ckfw/object.c
Просмотреть файл

@ -584,8 +584,7 @@ nssCKFWObject_GetAttribute(
*pError = CKR_HOST_MEMORY;
goto done;
}
}
else {
} else {
rv = itemOpt;
}
@ -600,12 +599,10 @@ nssCKFWObject_GetAttribute(
rv = (NSSItem *)NULL;
goto done;
}
}
else {
} else {
if (rv->size >= mdItem.item->size) {
rv->size = mdItem.item->size;
}
else {
} else {
*pError = CKR_BUFFER_TOO_SMALL;
/* Should we set rv->size to mdItem->size? */
/* rv can't have been allocated */
@ -714,8 +711,7 @@ nssCKFWObject_SetAttribute(
* not in the list. Add it.
*/
nssCKFWSession_RegisterSessionObject(fwSession, fwObject);
}
else {
} else {
/*
* New one is a token object, except since we "stole" the fwObject, it's
* in the list. Remove it.
@ -731,8 +727,7 @@ nssCKFWObject_SetAttribute(
nssCKFWObject_Destroy(newFwObject);
return CKR_OK;
}
else {
} else {
/*
* An "ordinary" change.
*/

74
security/nss/lib/ckfw/session.c
Просмотреть файл

@ -696,8 +696,7 @@ nssCKFWSession_Login(
default:
return CKR_GENERAL_ERROR;
}
}
else /* CKU_USER == userType */ {
} else /* CKU_USER == userType */ {
switch (oldState) {
case CKS_RO_PUBLIC_SESSION:
newState =
@ -732,8 +731,7 @@ nssCKFWSession_Login(
* it'll just rely on the Framework as needed.
*/
;
}
else {
} else {
error = fwSession->mdSession->Login(fwSession->mdSession, fwSession,
fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
fwSession->fwInstance, userType, pin, oldState, newState);
@ -802,8 +800,7 @@ nssCKFWSession_Logout(
* The Module doesn't want to be informed. Okay.
*/
;
}
else {
} else {
error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession,
fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
fwSession->fwInstance, oldState, newState);
@ -1123,15 +1120,13 @@ nssCKFWSession_SetOperationState(
if (encryptionKey) {
mdek = nssCKFWObject_GetMDObject(encryptionKey);
}
else {
} else {
mdek = (NSSCKMDObject *)NULL;
}
if (authenticationKey) {
mdak = nssCKFWObject_GetMDObject(authenticationKey);
}
else {
} else {
mdak = (NSSCKMDObject *)NULL;
}
@ -1164,8 +1159,7 @@ nss_attributes_form_token_object(
if (sizeof(CK_BBOOL) == pTemplate[i].ulValueLen) {
(void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL));
return rv;
}
else {
} else {
return CK_FALSE;
}
}
@ -1233,8 +1227,7 @@ nssCKFWSession_CreateObject(
}
goto callmdcreateobject;
}
else {
} else {
/* === SESSION OBJECT === */
arena = nssCKFWSession_GetArena(fwSession, pError);
@ -1255,8 +1248,7 @@ nssCKFWSession_CreateObject(
}
goto callmdcreateobject;
}
else {
} else {
/* --- framework handles the session object -- */
mdObject = nssCKMDSessionObject_Create(fwSession->fwToken,
arena, pTemplate, ulAttributeCount, pError);
@ -1279,10 +1271,8 @@ gotmdobject:
}
fwObject = nssCKFWObject_Create(arena, mdObject,
isTokenObject ?
NULL
:
fwSession,
isTokenObject ? NULL
: fwSession,
fwSession->fwToken, fwSession->fwInstance, pError);
if (!fwObject) {
if (CKR_OK == *pError) {
@ -1387,8 +1377,7 @@ nssCKFWSession_CopyObject(
if (CK_TRUE == newIsToken) {
arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
}
else {
} else {
arena = nssCKFWSession_GetArena(fwSession, pError);
}
if (!arena) {
@ -1410,10 +1399,8 @@ nssCKFWSession_CopyObject(
}
rv = nssCKFWObject_Create(arena, mdObject,
newIsToken ?
NULL
:
fwSession,
newIsToken ? NULL
: fwSession,
fwSession->fwToken, fwSession->fwInstance, pError);
if (CK_FALSE == newIsToken) {
@ -1427,8 +1414,7 @@ nssCKFWSession_CopyObject(
}
return rv;
}
else {
} else {
/* use create object */
NSSArena *tmpArena;
CK_ATTRIBUTE_PTR newTemplate;
@ -1493,8 +1479,7 @@ nssCKFWSession_CopyObject(
pTemplate[i].pValue) {
/* This attribute is being deleted */
;
}
else {
} else {
/* This attribute is being replaced */
newTemplate[k].type =
pTemplate[i].type;
@ -1611,8 +1596,7 @@ nssCKFWSession_FindObjectsInit(
fwSession, fwSession->mdToken, fwSession->fwToken,
fwSession->mdInstance, fwSession->fwInstance,
pTemplate, ulAttributeCount, pError);
}
else {
} else {
/* Do the search ourselves */
mdfo1 =
nssCKMDFindSessionObjects_Create(fwSession->fwToken,
@ -1665,8 +1649,7 @@ nssCKFWSession_FindObjectsInit(
goto wrap;
}
/*NOTREACHED*/
}
else {
} else {
/* Module handles all its own objects. Pass on to module's search */
mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
fwSession, fwSession->mdToken, fwSession->fwToken,
@ -1766,8 +1749,7 @@ nssCKFWSession_GetRandom(
if (!fwSession->mdSession->GetRandom) {
if (CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken)) {
return CKR_GENERAL_ERROR;
}
else {
} else {
return CKR_RANDOM_NO_RNG;
}
}
@ -1880,8 +1862,7 @@ nssCKFWSession_Final(
error = CKR_ARGUMENTS_BAD;
goto done;
}
}
else {
} else {
CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
CK_ULONG maxBufLen = *outBufLen;
@ -2127,16 +2108,13 @@ nssCKFWSession_UpdateFinal(
error = CKR_ARGUMENTS_BAD;
goto done;
}
}
else {
} else {
CK_ULONG maxBufLen = *outBufLen;
CK_ULONG len;
len = (isEncryptDecrypt) ?
nssCKFWCryptoOperation_GetOperationLength(fwOperation,
&inputBuffer, &error)
:
nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
len = (isEncryptDecrypt) ? nssCKFWCryptoOperation_GetOperationLength(fwOperation,
&inputBuffer, &error)
: nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
if (CKR_OK != error) {
goto done;
@ -2159,10 +2137,8 @@ nssCKFWSession_UpdateFinal(
/* UpdateFinal isn't support, manually use Update and Final */
if (CKR_FUNCTION_FAILED == error) {
error = isEncryptDecrypt ?
nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer)
:
nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
error = isEncryptDecrypt ? nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer)
: nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
if (CKR_OK == error) {
error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);

6
security/nss/lib/ckfw/sessobj.c
Просмотреть файл

@ -794,8 +794,7 @@ items_match(
if (PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL)) {
return CK_TRUE;
}
else {
} else {
return CK_FALSE;
}
}
@ -826,8 +825,7 @@ findfcn(
if (mdso->types[j] == p->type) {
if (!items_match(&mdso->attributes[j], p->pValue, p->ulValueLen)) {
return;
}
else {
} else {
break;
}
}

15
security/nss/lib/ckfw/slot.c
Просмотреть файл

@ -336,8 +336,7 @@ nssCKFWSlot_GetSlotDescription(
if ((!fwSlot->slotDescription) && (CKR_OK != error)) {
goto done;
}
}
else {
} else {
fwSlot->slotDescription = (NSSUTF8 *)"";
}
}
@ -385,8 +384,7 @@ nssCKFWSlot_GetManufacturerID(
if ((!fwSlot->manufacturerID) && (CKR_OK != error)) {
goto done;
}
}
else {
} else {
fwSlot->manufacturerID = (NSSUTF8 *)"";
}
}
@ -496,8 +494,7 @@ nssCKFWSlot_GetHardwareVersion(
if (fwSlot->mdSlot->GetHardwareVersion) {
fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion(
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
}
else {
} else {
fwSlot->hardwareVersion.major = 0;
fwSlot->hardwareVersion.minor = 1;
}
@ -539,8 +536,7 @@ nssCKFWSlot_GetFirmwareVersion(
if (fwSlot->mdSlot->GetFirmwareVersion) {
fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion(
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
}
else {
} else {
fwSlot->firmwareVersion.major = 0;
fwSlot->firmwareVersion.minor = 1;
}
@ -597,8 +593,7 @@ nssCKFWSlot_GetToken(
fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError);
fwSlot->fwToken = fwToken;
}
else {
} else {
fwToken = fwSlot->fwToken;
}

27
security/nss/lib/ckfw/token.c
Просмотреть файл

@ -498,8 +498,7 @@ nssCKFWToken_InitToken(
if (!pin) {
if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) {
; /* okay */
}
else {
} else {
error = CKR_PIN_INCORRECT;
goto done;
}
@ -551,8 +550,7 @@ nssCKFWToken_GetLabel(
if ((!fwToken->label) && (CKR_OK != error)) {
goto done;
}
}
else {
} else {
fwToken->label = (NSSUTF8 *)"";
}
}
@ -599,8 +597,7 @@ nssCKFWToken_GetManufacturerID(
if ((!fwToken->manufacturerID) && (CKR_OK != error)) {
goto done;
}
}
else {
} else {
fwToken->manufacturerID = (NSSUTF8 *)"";
}
}
@ -647,8 +644,7 @@ nssCKFWToken_GetModel(
if ((!fwToken->model) && (CKR_OK != error)) {
goto done;
}
}
else {
} else {
fwToken->model = (NSSUTF8 *)"";
}
}
@ -695,8 +691,7 @@ nssCKFWToken_GetSerialNumber(
if ((!fwToken->serialNumber) && (CKR_OK != error)) {
goto done;
}
}
else {
} else {
fwToken->serialNumber = (NSSUTF8 *)"";
}
}
@ -1092,8 +1087,7 @@ nssCKFWToken_GetHardwareVersion(
if (fwToken->mdToken->GetHardwareVersion) {
fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion(
fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
}
else {
} else {
fwToken->hardwareVersion.major = 0;
fwToken->hardwareVersion.minor = 1;
}
@ -1136,8 +1130,7 @@ nssCKFWToken_GetFirmwareVersion(
if (fwToken->mdToken->GetFirmwareVersion) {
fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion(
fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
}
else {
} else {
fwToken->firmwareVersion.major = 0;
fwToken->firmwareVersion.minor = 1;
}
@ -1218,8 +1211,7 @@ nssCKFWToken_GetUTCTime(
if (D > dims[M - 1])
goto badtime; /* per-month check */
if ((2 == M) && (((Y % 4) || !(Y %
100)) &&
if ((2 == M) && (((Y % 4) || !(Y % 100)) &&
(Y % 400)) &&
(D > 28))
goto badtime; /* leap years */
@ -1292,8 +1284,7 @@ nssCKFWToken_OpenSession(
*pError = CKR_TOKEN_WRITE_PROTECTED;
goto done;
}
}
else {
} else {
/* Read-only session desired */
if (CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken)) {
*pError = CKR_SESSION_READ_WRITE_SO_EXISTS;

39
security/nss/lib/ckfw/wrap.c
Просмотреть файл

@ -365,8 +365,7 @@ NSSCKFWC_GetSlotList(
*pulCount = nSlots;
error = CKR_BUFFER_TOO_SMALL;
goto loser;
}
else {
} else {
CK_ULONG i;
*pulCount = nSlots;
@ -803,8 +802,7 @@ NSSCKFWC_GetMechanismList(
if (0 != count) {
error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList);
}
else {
} else {
error = CKR_OK;
}
@ -1098,8 +1096,7 @@ NSSCKFWC_InitPIN(
if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) {
arg = (NSSItem *)NULL;
}
else {
} else {
arg = &pin;
pin.size = (PRUint32)ulPinLen;
pin.data = (void *)pPin;
@ -1173,8 +1170,7 @@ NSSCKFWC_SetPIN(
if ((CK_CHAR_PTR)CK_NULL_PTR == pOldPin) {
oldArg = (NSSItem *)NULL;
}
else {
} else {
oldArg = &oldPin;
oldPin.size = (PRUint32)ulOldLen;
oldPin.data = (void *)pOldPin;
@ -1182,8 +1178,7 @@ NSSCKFWC_SetPIN(
if ((CK_CHAR_PTR)CK_NULL_PTR == pNewPin) {
newArg = (NSSItem *)NULL;
}
else {
} else {
newArg = &newPin;
newPin.size = (PRUint32)ulNewLen;
newPin.data = (void *)pNewPin;
@ -1266,15 +1261,13 @@ NSSCKFWC_OpenSession(
if (flags & CKF_RW_SESSION) {
rw = CK_TRUE;
}
else {
} else {
rw = CK_FALSE;
}
if (flags & CKF_SERIAL_SESSION) {
;
}
else {
} else {
error = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
goto loser;
}
@ -1699,8 +1692,7 @@ NSSCKFWC_SetOperationState(
if ((CK_OBJECT_HANDLE)0 == hEncryptionKey) {
eKey = (NSSCKFWObject *)NULL;
}
else {
} else {
eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey);
if (!eKey) {
error = CKR_KEY_HANDLE_INVALID;
@ -1710,8 +1702,7 @@ NSSCKFWC_SetOperationState(
if ((CK_OBJECT_HANDLE)0 == hAuthenticationKey) {
aKey = (NSSCKFWObject *)NULL;
}
else {
} else {
aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey);
if (!aKey) {
error = CKR_KEY_HANDLE_INVALID;
@ -1787,8 +1778,7 @@ NSSCKFWC_Login(
if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) {
arg = (NSSItem *)NULL;
}
else {
} else {
arg = &pin;
pin.size = (PRUint32)ulPinLen;
pin.data = (void *)pPin;
@ -2277,8 +2267,7 @@ NSSCKFWC_GetAttributeValue(
if ((CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue) {
pTemplate[i].ulValueLen = size;
}
else {
} else {
NSSItem it, *p;
if (pTemplate[i].ulValueLen < size) {
@ -2317,12 +2306,10 @@ NSSCKFWC_GetAttributeValue(
if (sensitive) {
error = CKR_ATTRIBUTE_SENSITIVE;
goto loser;
}
else if (invalid) {
} else if (invalid) {
error = CKR_ATTRIBUTE_TYPE_INVALID;
goto loser;
}
else if (tooSmall) {
} else if (tooSmall) {
error = CKR_BUFFER_TOO_SMALL;
goto loser;
}

3
security/nss/lib/crmf/challcli.c
Просмотреть файл

@ -182,8 +182,7 @@ CMMF_POPODecKeyChallContentGetRandomNumber(CMMFPOPODecKeyChallContent *inKeyChal
CMMFChallenge *challenge;
PORT_Assert(inKeyChallCont != NULL);
if (inKeyChallCont == NULL || inIndex > 0 || inIndex >=
inKeyChallCont->numChallenges) {
if (inKeyChallCont == NULL || inIndex > 0 || inIndex >= inKeyChallCont->numChallenges) {
return SECFailure;
}
challenge = inKeyChallCont->challenges[inIndex];

3
security/nss/lib/crmf/cmmfchal.c
Просмотреть файл

@ -214,8 +214,7 @@ CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKey
if (inDecKeyChall->numChallenges == 0) {
rv = cmmf_create_first_challenge(inDecKeyChall, inRandom,
genNameDER, inPubKey, passwdArg);
}
else {
} else {
curChallenge = PORT_ArenaZNew(poolp, CMMFChallenge);
if (curChallenge == NULL) {
rv = SECFailure;

3
security/nss/lib/crmf/cmmfrec.c
Просмотреть файл

@ -107,8 +107,7 @@ CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
&inKeyRecRep->caCerts);
if (rv != SECSuccess) {
PORT_ArenaRelease(inKeyRecRep->poolp, mark);
}
else {
} else {
PORT_ArenaUnmark(inKeyRecRep->poolp, mark);
}
return rv;

12
security/nss/lib/crmf/cmmfresp.c
Просмотреть файл

@ -52,8 +52,7 @@ cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
if (derDest == NULL) {
goto loser;
}
}
else {
} else {
derDest = SECITEM_DupItem(&inCert->derCert);
if (derDest == NULL) {
goto loser;
@ -67,8 +66,7 @@ cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
if (rv != SECSuccess) {
goto loser;
}
}
else {
} else {
certOrEncCert->derValue = *derDest;
}
PORT_Free(derDest);
@ -218,8 +216,7 @@ CMMF_CertResponseSetCertificate(CMMFCertResponse *inCertResp,
if (inCertResp->certifiedKeyPair == NULL) {
keyPair = inCertResp->certifiedKeyPair =
PORT_ZNew(CMMFCertifiedKeyPair);
}
else {
} else {
keyPair = inCertResp->certifiedKeyPair;
}
if (keyPair == NULL) {
@ -266,8 +263,7 @@ CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent,
if (rv != SECSuccess) {
PORT_ArenaRelease(poolp, mark);
}
else {
} else {
PORT_ArenaUnmark(poolp, mark);
}
return rv;

9
security/nss/lib/crmf/crmfcont.c
Просмотреть файл

@ -19,8 +19,7 @@ crmf_modify_control_array(CRMFCertRequest *inCertReq, int count)
return SECFailure;
}
inCertReq->controls = dummy;
}
else {
} else {
inCertReq->controls = PORT_ZNewArray(CRMFControl *, 2);
}
return (inCertReq->controls == NULL) ? SECFailure : SECSuccess;
@ -593,8 +592,7 @@ crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest)
if (rv != SECSuccess) {
dest = NULL;
}
}
else {
} else {
dest = SECITEM_ArenaDupItem(NULL, src);
}
return dest;
@ -673,8 +671,7 @@ crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
if (wrappingKey == NULL) {
goto loser;
} /* Make the length a byte length instead of bit length*/
params = (encValue->symmAlg != NULL) ?
crmf_decode_params(&encValue->symmAlg->parameters)
params = (encValue->symmAlg != NULL) ? crmf_decode_params(&encValue->symmAlg->parameters)
: NULL;
origLen = encValue->encValue.len;
encValue->encValue.len = CRMF_BITS_TO_BYTES(origLen);

6
security/nss/lib/crmf/crmfget.c
Просмотреть файл

@ -43,10 +43,8 @@ crmf_copy_cert_request_validity(PLArenaPool *poolp,
CRMFOptionalValidity *myValidity = NULL;
SECStatus rv;
*destValidity = myValidity = (poolp == NULL) ?
PORT_ZNew(CRMFOptionalValidity)
:
PORT_ArenaZNew(poolp, CRMFOptionalValidity);
*destValidity = myValidity = (poolp == NULL) ? PORT_ZNew(CRMFOptionalValidity)
: PORT_ArenaZNew(poolp, CRMFOptionalValidity);
if (myValidity == NULL) {
goto loser;
}

3
security/nss/lib/crmf/crmfpop.c
Просмотреть файл

@ -203,8 +203,7 @@ crmf_create_poposignkey(PLArenaPool *poolp,
if (useSignKeyInput) {
goto loser;
}
else {
} else {
rv = crmf_sign_certreq(poolp, signKey, certReq, inPrivKey, inAlgID);
if (rv != SECSuccess) {
goto loser;

12
security/nss/lib/crmf/crmfreq.c
Просмотреть файл

@ -351,8 +351,7 @@ crmf_template_add_extensions(PLArenaPool *poolp, CRMFCertTemplate *inTemplate,
if (inTemplate->extensions == NULL) {
newSize = extensions->numExtensions;
extArray = PORT_ZNewArray(CRMFCertExtension *, newSize + 1);
}
else {
} else {
newSize = inTemplate->numExtensions + extensions->numExtensions;
extArray = PORT_Realloc(inTemplate->extensions,
sizeof(CRMFCertExtension *) * (newSize + 1));
@ -459,8 +458,7 @@ CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
}
if (rv != SECSuccess) {
PORT_ArenaRelease(poolp, mark);
}
else {
} else {
PORT_ArenaUnmark(poolp, mark);
}
return rv;
@ -551,10 +549,8 @@ crmf_create_cert_extension(PLArenaPool *poolp,
}
if (isCritical) {
newExt->critical.data = (poolp == NULL) ?
PORT_New(unsigned char)
:
PORT_ArenaNew(poolp, unsigned char);
newExt->critical.data = (poolp == NULL) ? PORT_New(unsigned char)
: PORT_ArenaNew(poolp, unsigned char);
if (newExt->critical.data == NULL) {
goto loser;
}

3
security/nss/lib/crmf/respcmn.c
Просмотреть файл

@ -218,8 +218,7 @@ cmmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src)
if (src->data != NULL) {
rv = SECITEM_CopyItem(poolp, dest, src);
}
else {
} else {
dest->data = NULL;
dest->len = 0;
rv = SECSuccess;

9
security/nss/lib/crmf/servget.c
Просмотреть файл

@ -356,10 +356,8 @@ crmf_copy_poposigningkey(PLArenaPool *poolp,
rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
&inPopoSignKey->derInput);
}
destPopoSignKey->algorithmIdentifier = (poolp == NULL) ?
PORT_ZNew(SECAlgorithmID)
:
PORT_ArenaZNew(poolp, SECAlgorithmID);
destPopoSignKey->algorithmIdentifier = (poolp == NULL) ? PORT_ZNew(SECAlgorithmID)
: PORT_ArenaZNew(poolp, SECAlgorithmID);
if (destPopoSignKey->algorithmIdentifier == NULL) {
goto loser;
@ -634,8 +632,7 @@ crmf_copy_name(CERTName *destName, CERTName *srcName)
if (destName->arena != NULL) {
poolp = destName->arena;
}
else {
} else {
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
}
if (poolp == NULL) {

39
security/nss/lib/cryptohi/seckey.c
Просмотреть файл

@ -348,8 +348,7 @@ seckey_UpdateCertPQGChain(CERTCertificate *subjectCert, int count)
return SECSuccess;
}
}
else {
} else {
return SECFailure; /* return failure if oid is NULL */
}
@ -393,8 +392,7 @@ seckey_UpdateCertPQGChain(CERTCertificate *subjectCert, int count)
rv = SECFailure;
goto loser;
}
}
else {
} else {
rv = SECFailure; /* return failure if oid is NULL */
goto loser;
}
@ -481,8 +479,7 @@ seckey_DSADecodePQG(PLArenaPool *arena, SECKEYPublicKey *pubk,
SECKEY_PQGParamsTemplate,
&newparams);
}
}
else {
} else {
if (SECSuccess == rv) {
/* else the old fortezza-only wrapped format is used. */
@ -1080,16 +1077,14 @@ SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privk)
PK11_CopyKey(privk->pkcs11Slot, privk->pkcs11ID);
if (copyk->pkcs11ID == CK_INVALID_HANDLE)
goto fail;
}
else {
} else {
copyk->pkcs11ID = privk->pkcs11ID;
}
copyk->pkcs11IsTemp = privk->pkcs11IsTemp;
copyk->wincx = privk->wincx;
copyk->staticflags = privk->staticflags;
return copyk;
}
else {
} else {
PORT_SetError(SEC_ERROR_NO_MEMORY);
}
@ -1124,8 +1119,7 @@ SECKEY_CopyPublicKey(const SECKEYPublicKey *pubk)
PK11_IsPermObject(pubk->pkcs11Slot, pubk->pkcs11ID)) {
copyk->pkcs11Slot = PK11_ReferenceSlot(pubk->pkcs11Slot);
copyk->pkcs11ID = pubk->pkcs11ID;
}
else {
} else {
copyk->pkcs11Slot = NULL; /* go get own reference */
copyk->pkcs11ID = CK_INVALID_HANDLE;
}
@ -1358,8 +1352,7 @@ seckey_CreateSubjectPublicKeyInfo_helper(SECKEYPublicKey *pubk)
default:
break;
}
}
else {
} else {
PORT_SetError(SEC_ERROR_NO_MEMORY);
}
@ -1445,8 +1438,7 @@ SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider)
}
if (rv == SECSuccess)
return spki;
}
else {
} else {
PORT_SetError(SEC_ERROR_NO_MEMORY);
}
@ -1593,12 +1585,10 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk,
PORT_Memset(pvk, 0, sizeof(*pvk));
if (freeit == PR_TRUE) {
PORT_FreeArena(poolp, PR_TRUE);
}
else {
} else {
pvk->arena = poolp;
}
}
else {
} else {
SECITEM_ZfreeItem(&pvk->version, PR_FALSE);
SECITEM_ZfreeItem(&pvk->privateKey, PR_FALSE);
SECOID_DestroyAlgorithmID(&pvk->algorithm, PR_FALSE);
@ -1626,12 +1616,10 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
PORT_Memset(epki, 0, sizeof(*epki));
if (freeit == PR_TRUE) {
PORT_FreeArena(poolp, PR_TRUE);
}
else {
} else {
epki->arena = poolp;
}
}
else {
} else {
SECITEM_ZfreeItem(&epki->encryptedData, PR_FALSE);
SECOID_DestroyAlgorithmID(&epki->algorithm, PR_FALSE);
PORT_Memset(epki, 0, sizeof(*epki));
@ -1912,8 +1900,7 @@ loser:
#define SECKEY_CacheAttribute(key, attribute) \
if (CK_TRUE == PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute, PR_FALSE)) { \
key->staticflags |= SECKEY_##attribute; \
} \
else { \
} else { \
key->staticflags &= (~SECKEY_##attribute); \
}

9
security/nss/lib/cryptohi/secsign.c
Просмотреть файл

@ -177,8 +177,7 @@ SGN_End(SGNContext *cx, SECItem *result)
if (rv != SECSuccess) {
goto loser;
}
}
else {
} else {
digder.data = digest;
digder.len = part1;
}
@ -215,8 +214,7 @@ SGN_End(SGNContext *cx, SECItem *result)
PORT_Free(sigitem.data);
if (rv != SECSuccess)
goto loser;
}
else {
} else {
result->len = sigitem.len;
result->data = sigitem.data;
}
@ -396,8 +394,7 @@ SGN_Digest(SECKEYPrivateKey *privKey,
if (rv != SECSuccess) {
goto loser;
}
}
else {
} else {
digder.data = digest->data;
digder.len = digest->len;
}

21
security/nss/lib/cryptohi/secvfy.c
Просмотреть файл

@ -105,8 +105,7 @@ recoverPKCS1DigestInfo(SECOidTag givenDigestAlg,
if (rv == SECSuccess) {
*digestInfoLen = it.len;
*digestInfo = (unsigned char *)it.data;
}
else {
} else {
if (it.data) {
PORT_Free(it.data);
}
@ -195,8 +194,7 @@ decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig,
if ((dsasig == NULL) || (dsasig->len != len)) {
rv = SECFailure;
}
else {
} else {
PORT_Memcpy(dsig, dsasig->data, dsasig->len);
}
@ -296,17 +294,13 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
len = SECKEY_PublicKeyStrength(key);
if (len < 28) { /* 28 bytes == 224 bits */
*hashalg = SEC_OID_SHA1;
}
else if (len < 32) { /* 32 bytes == 256 bits */
} else if (len < 32) { /* 32 bytes == 256 bits */
*hashalg = SEC_OID_SHA224;
}
else if (len < 48) { /* 48 bytes == 384 bits */
} else if (len < 48) { /* 48 bytes == 384 bits */
*hashalg = SEC_OID_SHA256;
}
else if (len < 64) { /* 48 bytes == 512 bits */
} else if (len < 64) { /* 48 bytes == 512 bits */
*hashalg = SEC_OID_SHA384;
}
else {
} else {
/* use the largest in this case */
*hashalg = SEC_OID_SHA512;
}
@ -667,8 +661,7 @@ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
SECSuccess) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
}
else {
} else {
rv = SECSuccess;
}
break;

5
security/nss/lib/dbm/include/hash.h
Просмотреть файл

@ -163,9 +163,8 @@ typedef struct htab { /* Memory resident data structure */
#define ALL_CLEAR 0
#define PTROF(X) ((ptrdiff_t)(X) == BUF_DISK ? 0 : (X))
#define ISDISK(X) ((X) ? ((ptrdiff_t)(X) == BUF_DISK ? BUF_DISK \
: \
(X)->is_disk) \
#define ISDISK(X) ((X) ? ((ptrdiff_t)(X) == BUF_DISK ? BUF_DISK \
: (X)->is_disk) \
: 0)
#define BITS_PER_MAP 32

9
security/nss/lib/dbm/src/dirent.c
Просмотреть файл

@ -81,8 +81,7 @@ getFSType(const char *path)
if (isalpha(path[0]) && path[1] == ':') {
unit = toupper(path[0]) - '@';
path += 2;
}
else {
} else {
ULONG driveMap;
#if OS2 >= 2
if (DosQueryCurrentDisk(&unit, &driveMap))
@ -109,8 +108,7 @@ getFSType(const char *path)
if (infolen >= sizeof(FSQBUFFER2)) {
FSQBUFFER2 *p = (FSQBUFFER2 *)info;
r = p->szFSDName[p->cbName];
}
else
} else
#else
if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0))
return 0;
@ -118,8 +116,7 @@ getFSType(const char *path)
char *p = info + sizeof(USHORT);
p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT);
r = *p;
}
else
} else
#endif
r = 0;
return cache[unit] = r;

2
security/nss/lib/dbm/src/dirent.h
Просмотреть файл

@ -61,7 +61,7 @@ struct dirent {
#else
char d_name[MAXNAMLEN + 1]; /* garentee null termination */
char d_attribute; /* .. extension .. */
unsigned long d_size; /* .. extension .. */
unsigned long d_size; /* .. extension .. */
#endif
};

33
security/nss/lib/dbm/src/h_bigkey.c
Просмотреть файл

@ -129,8 +129,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
p[n - 2] = FULL_KEY_DATA;
FREESPACE(p) = FREESPACE(p) - move_bytes;
OFFSET(p) = off;
}
else
} else
p[n - 2] = FULL_KEY;
}
p = (uint16 *)bufp->page;
@ -164,8 +163,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
return (-1);
cp = bufp->page;
p = (uint16 *)cp;
}
else
} else
p[n] = FULL_KEY_DATA;
bufp->flags |= BUF_MOD;
}
@ -236,8 +234,7 @@ __big_delete(HTAB *hashp, BUFHEAD *bufp)
bp[1] = pageno;
bp[2] = OVFLPAGE;
bufp->ovfl = rbufp->ovfl;
}
else
} else
/* This is the last page. */
bufp->ovfl = NULL;
n -= 2;
@ -295,8 +292,7 @@ __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size)
++hash_collisions;
#endif
return (-2);
}
else
} else
return (ndx);
}
@ -384,8 +380,7 @@ __big_return(
save_addr = save_p->addr;
off = bp[1];
len = 0;
}
else if (!FREESPACE(bp)) {
} else if (!FREESPACE(bp)) {
/*
* This is a hack. We can't distinguish between
* FULL_KEY_DATA that contains complete data or
@ -401,8 +396,7 @@ __big_return(
if (!bufp)
return (-1);
bp = (uint16 *)bufp->page;
}
else {
} else {
/* The data is all on one page. */
tp = (char *)bp;
off = bp[bp[0]];
@ -414,8 +408,7 @@ __big_return(
hashp->cpage = NULL;
hashp->cbucket++;
hashp->cndx = 1;
}
else {
} else {
hashp->cpage = __get_buf(hashp,
bp[bp[0] - 1], bufp, 0);
if (!hashp->cpage)
@ -528,8 +521,7 @@ collect_data(
if (bp[0] == 2) { /* No more buckets in chain */
hashp->cpage = NULL;
hashp->cbucket++;
}
else {
} else {
hashp->cpage = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
if (!hashp->cpage)
return (-1);
@ -589,8 +581,7 @@ collect_key(
return (-1);
if (__big_return(hashp, bufp, 1, val, set))
return (-1);
}
else {
} else {
xbp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
if (!xbp || ((totlen =
collect_key(hashp, xbp, totlen, val, set)) < 1))
@ -639,8 +630,7 @@ __big_split(
__get_buf(hashp, ret->next_addr, big_keyp, 0)))
return (-1);
;
}
else
} else
ret->nextp = NULL;
/* Now make one of np/op point to the big key/data pair */
@ -706,8 +696,7 @@ __big_split(
if (!tmpp)
return (-1);
tp[4] = n;
}
else
} else
tmpp = big_keyp;
if (change)

42
security/nss/lib/dbm/src/h_page.c
Просмотреть файл

@ -256,8 +256,7 @@ __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx)
if (bp[i + 1] == OVFLPAGE) {
bp[i - 2] = bp[i];
bp[i - 1] = bp[i + 1];
}
else {
} else {
bp[i - 2] = bp[i] + pairlen;
bp[i - 1] = bp[i + 1] + pairlen;
}
@ -341,12 +340,10 @@ __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket)
off - ino[n + 1]);
ino[ndx] = copyto + ino[n] - ino[n + 1];
ino[ndx + 1] = copyto;
}
else
} else
copyto = ino[n + 1];
ndx += 2;
}
else {
} else {
/* Switch page */
val.data = (uint8 *)op + ino[n + 1];
val.size = ino[n] - ino[n + 1];
@ -460,8 +457,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
cino = (char *)bufp->page;
ino = (uint16 *)cino;
last_bfp = ret.nextp;
}
else if (ino[n + 1] == OVFLPAGE) {
} else if (ino[n + 1] == OVFLPAGE) {
ov_addr = ino[n];
/*
* Fix up the old page -- the extra 2 are the fields
@ -508,8 +504,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
putpair((char *)op, &key, &val);
}
old_bufp->flags |= BUF_MOD;
}
else {
} else {
/* Move to new page */
if (PAIRFITS(np, (&key), (&val)))
putpair((char *)np, &key, &val);
@ -560,8 +555,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
return (-1);
}
bp = (uint16 *)bufp->page;
}
else
} else
/* Try to squeeze key on this page */
if (FREESPACE(bp) > PAIRSIZE(key, val)) {
{
@ -575,8 +569,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
hashp->NKEYS++;
return (0);
}
}
else {
} else {
bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
if (!bufp) {
#ifdef DEBUG
@ -716,8 +709,7 @@ __get_page(HTAB *hashp,
if (!is_bitmap && !bp[0]) {
PAGE_INIT(p);
}
else {
} else {
if (hashp->LORDER != BYTE_ORDER) {
register int i, max;
@ -726,8 +718,7 @@ __get_page(HTAB *hashp,
max = hashp->BSIZE >> 2; /* divide by 4 */
for (i = 0; i < max; i++)
M_32_SWAP(((int *)p)[i]);
}
else {
} else {
M_16_SWAP(bp[0]);
max = bp[0] + 2;
@ -779,8 +770,7 @@ __get_page(HTAB *hashp,
return (DATABASE_CORRUPTED_ERROR);
offset = bp[i + 1];
}
else {
} else {
/* there are no other valid keys after
* seeing a non REAL_KEY
*/
@ -820,8 +810,7 @@ __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap)
max = hashp->BSIZE >> 2; /* divide by 4 */
for (i = 0; i < max; i++)
M_32_SWAP(((int *)p)[i]);
}
else {
} else {
max = ((uint16 *)p)[0] + 2;
/* bound the size of max by
@ -865,8 +854,7 @@ __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap)
max = hashp->BSIZE >> 2; /* divide by 4 */
for (i = 0; i < max; i++)
M_32_SWAP(((int *)p)[i]);
}
else {
} else {
uint16 *bp = (uint16 *)p;
M_16_SWAP(bp[0]);
@ -959,8 +947,7 @@ overflow_page(HTAB *hashp)
((hashp->BSIZE << BYTE_SHIFT) - 1);
j = bit / BITS_PER_MAP;
bit = bit & ~(BITS_PER_MAP - 1);
}
else {
} else {
bit = 0;
j = 0;
}
@ -1029,8 +1016,7 @@ overflow_page(HTAB *hashp)
hashp->SPARES[splitnum - 1]--;
offset = 0;
}
}
else {
} else {
/*
* Free_bit addresses the last used bit. Bump it to address
* the first available bit.

36
security/nss/lib/dbm/src/hash.c
Просмотреть файл

@ -173,8 +173,7 @@ __hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dfl
if (errno == ENOENT)
errno = 0; /* Just in case someone looks at errno */
new_table = 1;
}
else if (statbuf.st_mtime && statbuf.st_size == 0) {
} else if (statbuf.st_mtime && statbuf.st_size == 0) {
/* check for a zero length file and delete it
* if it exists
*/
@ -195,8 +194,7 @@ __hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dfl
if (new_table) {
if (!init_hash(hashp, file, (HASHINFO *)info))
RETURN_ERROR(errno, error1);
}
else {
} else {
/* Table already exists */
if (info && info->hash)
hashp->hash = info->hash;
@ -706,10 +704,8 @@ hash_put(
return (DBM_ERROR);
}
rv = hash_access(hashp, flag == R_NOOVERWRITE ?
HASH_PUTNEW
:
HASH_PUT,
rv = hash_access(hashp, flag == R_NOOVERWRITE ? HASH_PUTNEW
: HASH_PUT,
(DBT *)key, (DBT *)data);
if (rv == DATABASE_CORRUPTED_ERROR) {
@ -802,8 +798,7 @@ hash_access(
#endif
bp += 2;
ndx += 2;
}
else if (bp[1] == OVFLPAGE) {
} else if (bp[1] == OVFLPAGE) {
/* database corruption: overflow loop detection */
if (last_overflow_page_no == (int32)*bp)
@ -826,8 +821,7 @@ hash_access(
n = *bp++;
ndx = 1;
off = hashp->BSIZE;
}
else if (bp[1] < REAL_KEY) {
} else if (bp[1] < REAL_KEY) {
if ((ndx =
__find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0)
goto found;
@ -849,8 +843,7 @@ hash_access(
n = *bp++;
ndx = 1;
off = hashp->BSIZE;
}
else {
} else {
save_bufp->flags &= ~BUF_PIN;
return (DBM_ERROR);
}
@ -864,8 +857,7 @@ hash_access(
if (__addel(hashp, rbufp, key, val)) {
save_bufp->flags &= ~BUF_PIN;
return (DBM_ERROR);
}
else {
} else {
save_bufp->flags &= ~BUF_PIN;
return (SUCCESS);
}
@ -886,8 +878,7 @@ found:
if (bp[ndx + 1] < REAL_KEY) {
if (__big_return(hashp, rbufp, ndx, val, 0))
return (DBM_ERROR);
}
else {
} else {
val->data = (uint8 *)rbufp->page + (int)bp[ndx + 1];
val->size = bp[ndx] - bp[ndx + 1];
}
@ -956,8 +947,7 @@ hash_seq(
hashp->cbucket = -1;
return (ABNORMAL);
}
}
else
} else
bp = (uint16 *)hashp->cpage->page;
#ifdef DEBUG
@ -981,8 +971,7 @@ hash_seq(
if (bp[ndx + 1] < REAL_KEY) {
if (__big_keydata(hashp, bufp, key, data, 1))
return (DBM_ERROR);
}
else {
} else {
key->data = (uint8 *)hashp->cpage->page + bp[ndx];
key->size = (ndx > 1 ? bp[ndx - 1] : hashp->BSIZE) - bp[ndx];
data->data = (uint8 *)hashp->cpage->page + bp[ndx + 1];
@ -992,8 +981,7 @@ hash_seq(
hashp->cpage = NULL;
hashp->cbucket++;
hashp->cndx = 1;
}
else
} else
hashp->cndx = ndx;
}
return (SUCCESS);

15
security/nss/lib/dbm/src/hash_buf.c
Просмотреть файл

@ -120,8 +120,7 @@ __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage)
bp = NULL;
if (!newpage)
is_disk = BUF_DISK;
}
else {
} else {
/* Grab buffer out of directory */
segment_ndx = addr & (hashp->SGSIZE - 1);
@ -173,8 +172,7 @@ __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage)
segp[segment_ndx] = bp;
#endif
}
}
else {
} else {
BUF_REMOVE(bp);
MRU_INSERT(bp);
}
@ -225,8 +223,7 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp)
if (hashp->nbufs)
hashp->nbufs--;
}
else {
} else {
/* Kick someone out */
BUF_REMOVE(bp);
/*
@ -331,8 +328,7 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp)
#endif
prev_bp->ovfl = bp;
bp->flags = 0;
}
else
} else
bp->flags = BUF_BUCKET;
MRU_INSERT(bp);
return (bp);
@ -394,8 +390,7 @@ __buf_free(HTAB *hashp, int do_free, int to_disk)
BUF_REMOVE(bp);
free(bp);
bp = LRU;
}
else
} else
bp = bp->prev;
}
return (0);

3
security/nss/lib/dbm/src/memmove.c
Просмотреть файл

@ -111,8 +111,7 @@ register size_t length;
TLOOP(*(word *)dst = *(word *)src; src += wsize; dst += wsize);
t = length & wmask;
TLOOP(*dst++ = *src++);
}
else {
} else {
/*
* Copy backwards. Otherwise essentially the same.
* Alignment works as before, except that it takes

3
security/nss/lib/dbm/src/mktemp.c
Просмотреть файл

@ -127,8 +127,7 @@ _gettemp(char *path, register int *doopen, int extraFlags)
return (1);
if (errno != EEXIST)
return (0);
}
else if (stat(path, &sbuf))
} else if (stat(path, &sbuf))
return (errno == ENOENT ? 1 : 0);
/* tricky little algorithm for backward compatibility */

33
security/nss/lib/dbm/tests/lots.c
Просмотреть файл

@ -249,19 +249,16 @@ VerifyRange(int32 low, int32 high, int32 should_exist, key_type_enum key_type)
/* got the item */
if (!should_exist) {
ReportError("Item exists but shouldn't: %ld", num);
}
else {
} else {
/* else verify the data */
VerifyData(&data, num, key_type);
}
}
else if (status > 0) {
} else if (status > 0) {
/* item not found */
if (should_exist) {
ReportError("Item not found but should be: %ld", num);
}
}
else {
} else {
/* database error */
ReportError("Database error");
return (-1);
@ -285,8 +282,7 @@ GenData(int32 num)
data = (DBT *)malloc(sizeof(DBT));
data->size = 0;
data->data = 0;
}
else if (data->data) {
} else if (data->data) {
free(data->data);
}
@ -328,8 +324,7 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type)
if (action == ADD_RANGE) {
TraceMe(1, ("Adding: %ld to %ld: %s keys", low, high,
key_type == USE_SMALL_KEY ? "SMALL" : "LARGE"));
}
else {
} else {
TraceMe(1, ("Deleting: %ld to %ld: %s keys", low, high,
key_type == USE_SMALL_KEY ? "SMALL" : "LARGE"));
}
@ -341,8 +336,7 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type)
if (action == ADD_RANGE) {
data = GenData(num);
status = (*database->put)(database, key, data, 0);
}
else {
} else {
status = (*database->del)(database, key, 0);
}
@ -350,13 +344,11 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type)
ReportError("Database error %s item: %ld",
action == ADD_RANGE ? "ADDING" : "DELETING",
num);
}
else if (status > 0) {
} else if (status > 0) {
ReportError("Could not %s item: %ld",
action == ADD_RANGE ? "ADD" : "DELETE",
num);
}
else if (action == ADD_RANGE) {
} else if (action == ADD_RANGE) {
#define SYNC_EVERY_TIME
#ifdef SYNC_EVERY_TIME
status = (*database->sync)(database, 0);
@ -388,8 +380,7 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type)
if (action == ADD_RANGE) {
TraceMe(1, ("Successfully added: %ld to %ld", low, high));
}
else {
} else {
TraceMe(1, ("Successfully deleted: %ld to %ld", low, high));
}
@ -524,8 +515,7 @@ main(int argc, char **argv)
if (1 || j) {
TestRange(START_RANGE, i, USE_LARGE_KEY);
j = 0;
}
else {
} else {
TestRange(START_RANGE, i, USE_SMALL_KEY);
j = 1;
}
@ -545,8 +535,7 @@ main(int argc, char **argv)
#endif
exit(1);
}
}
else {
} else {
/* reopen database without closeing the other */
database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, 0);
if (!database) {

30
security/nss/lib/dev/ckhelper.c
Просмотреть файл

@ -145,8 +145,7 @@ loser:
if (arenaOpt) {
/* release all arena memory allocated before the failure. */
(void)nssArena_Release(arenaOpt, mark);
}
else {
} else {
CK_ULONG j;
/* free each heap object that was allocated before the failure. */
for (j = 0; j < i; j++) {
@ -222,8 +221,7 @@ nssCKObject_SetAttributes(
nssSession_ExitMonitor(session);
if (ckrv == CKR_OK) {
return PR_SUCCESS;
}
else {
} else {
return PR_FAILURE;
}
}
@ -311,10 +309,8 @@ nssCryptokiCertificate_GetAttributes(
cert_template, template_size);
if (status != PR_SUCCESS) {
session = sessionOpt ?
sessionOpt
:
nssToken_GetDefaultSession(certObject->token);
session = sessionOpt ? sessionOpt
: nssToken_GetDefaultSession(certObject->token);
if (!session) {
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
return PR_FAILURE;
@ -429,10 +425,8 @@ nssCryptokiTrust_GetAttributes(
CKO_NSS_TRUST,
trust_template, trust_size);
if (status != PR_SUCCESS) {
session = sessionOpt ?
sessionOpt
:
nssToken_GetDefaultSession(trustObject->token);
session = sessionOpt ? sessionOpt
: nssToken_GetDefaultSession(trustObject->token);
if (!session) {
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
return PR_FAILURE;
@ -503,10 +497,8 @@ nssCryptokiCRL_GetAttributes(
CKO_NSS_CRL,
crl_template, crl_size);
if (status != PR_SUCCESS) {
session = sessionOpt ?
sessionOpt
:
nssToken_GetDefaultSession(crlObject->token);
session = sessionOpt ? sessionOpt
: nssToken_GetDefaultSession(crlObject->token);
if (session == NULL) {
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
return PR_FAILURE;
@ -575,11 +567,9 @@ nssCryptokiPrivateKey_SetCertificate(
return PR_FAILURE;
}
session = sessionOpt;
}
else if (defaultSession && nssSession_IsReadWrite(defaultSession)) {
} else if (defaultSession && nssSession_IsReadWrite(defaultSession)) {
session = defaultSession;
}
else {
} else {
NSSSlot *slot = nssToken_GetSlot(token);
session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
nssSlot_Destroy(slot);

6
security/nss/lib/dev/ckhelper.h
Просмотреть файл

@ -68,8 +68,7 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey;
if ((CK_LONG)(attrib)->ulValueLen > 0) { \
(item)->data = (void *)(attrib)->pValue; \
(item)->size = (PRUint32)(attrib)->ulValueLen; \
} \
else { \
} else { \
(item)->data = 0; \
(item)->size = 0; \
}
@ -78,8 +77,7 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey;
if ((attrib)->ulValueLen > 0) { \
if (*((CK_BBOOL *)(attrib)->pValue) == CK_TRUE) { \
boolvar = PR_TRUE; \
} \
else { \
} else { \
boolvar = PR_FALSE; \
} \
}

100
security/nss/lib/dev/devtoken.c
Просмотреть файл

@ -135,8 +135,7 @@ nssToken_DeleteStoredObject(
if (token->defaultSession &&
nssSession_IsReadWrite(token->defaultSession)) {
session = token->defaultSession;
}
else {
} else {
session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
createdSession = PR_TRUE;
}
@ -180,17 +179,14 @@ import_object(
return NULL;
}
session = sessionOpt;
}
else if (tok->defaultSession &&
nssSession_IsReadWrite(tok->defaultSession)) {
} else if (tok->defaultSession &&
nssSession_IsReadWrite(tok->defaultSession)) {
session = tok->defaultSession;
}
else {
} else {
session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
createdSession = PR_TRUE;
}
}
else {
} else {
session = (sessionOpt) ? sessionOpt : tok->defaultSession;
}
if (session == NULL) {
@ -204,8 +200,7 @@ import_object(
nssSession_ExitMonitor(session);
if (ckrv == CKR_OK) {
object = nssCryptokiObject_Create(tok, session, handle);
}
else {
} else {
nss_SetError(ckrv);
nss_SetError(NSS_ERROR_PKCS11);
}
@ -268,15 +263,13 @@ find_objects(
/* the arena is only for the array of object handles */
if (maximumOpt > 0) {
arraySize = maximumOpt;
}
else {
} else {
arraySize = OBJECT_STACK_SIZE;
}
numHandles = 0;
if (arraySize <= OBJECT_STACK_SIZE) {
objectHandles = staticObjects;
}
else {
} else {
objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
}
if (!objectHandles) {
@ -318,8 +311,7 @@ find_objects(
PORT_Memcpy(objectHandles, staticObjects,
OBJECT_STACK_SIZE * sizeof(objectHandles[1]));
}
}
else {
} else {
objectHandles = nss_ZREALLOCARRAY(objectHandles,
CK_OBJECT_HANDLE,
arraySize);
@ -338,8 +330,7 @@ find_objects(
if (numHandles > 0) {
objects = create_objects_from_handles(tok, session,
objectHandles, numHandles);
}
else {
} else {
nss_SetError(NSS_ERROR_NOT_FOUND);
objects = NULL;
}
@ -368,8 +359,7 @@ loser:
nss_SetError(NSS_ERROR_NOT_FOUND);
if (statusOpt)
*statusOpt = PR_SUCCESS;
}
else {
} else {
nss_SetError(ckrv);
nss_SetError(NSS_ERROR_PKCS11);
if (statusOpt)
@ -463,16 +453,14 @@ nssToken_ImportCertificate(
}
if (certType == NSSCertificateType_PKIX) {
cert_type = CKC_X_509;
}
else {
} else {
return (nssCryptokiObject *)NULL;
}
NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
if (asTokenObject) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
searchType = nssTokenSearchType_TokenOnly;
}
else {
} else {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
searchType = nssTokenSearchType_SessionOnly;
}
@ -546,8 +534,7 @@ nssToken_ImportCertificate(
}
nssSession_Destroy(session);
nssSlot_Destroy(slot);
}
else {
} else {
/* Import the certificate onto the token */
rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize);
}
@ -582,9 +569,8 @@ nssToken_FindObjects(
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
else if (searchType == nssTokenSearchType_TokenOnly ||
searchType == nssTokenSearchType_TokenForced) {
} else if (searchType == nssTokenSearchType_TokenOnly ||
searchType == nssTokenSearchType_TokenForced) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, objclass);
@ -594,8 +580,7 @@ nssToken_FindObjects(
objects = find_objects(token, sessionOpt,
obj_template, obj_size,
maximumOpt, statusOpt);
}
else {
} else {
objects = find_objects_by_template(token, sessionOpt,
obj_template, obj_size,
maximumOpt, statusOpt);
@ -620,8 +605,7 @@ nssToken_FindCertificatesBySubject(
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
else if (searchType == nssTokenSearchType_TokenOnly) {
} else if (searchType == nssTokenSearchType_TokenOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
@ -652,8 +636,7 @@ nssToken_FindCertificatesByNickname(
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
else if (searchType == nssTokenSearchType_TokenOnly) {
} else if (searchType == nssTokenSearchType_TokenOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
@ -701,8 +684,7 @@ nssToken_FindCertificatesByEmail(
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
else if (searchType == nssTokenSearchType_TokenOnly) {
} else if (searchType == nssTokenSearchType_TokenOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
@ -744,8 +726,7 @@ nssToken_FindCertificatesByID(
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
else if (searchType == nssTokenSearchType_TokenOnly) {
} else if (searchType == nssTokenSearchType_TokenOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
@ -825,9 +806,8 @@ nssToken_FindCertificateByIssuerAndSerialNumber(
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
else if ((searchType == nssTokenSearchType_TokenOnly) ||
(searchType == nssTokenSearchType_TokenForced)) {
} else if ((searchType == nssTokenSearchType_TokenOnly) ||
(searchType == nssTokenSearchType_TokenForced)) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
/* Set the unique id */
@ -841,8 +821,7 @@ nssToken_FindCertificateByIssuerAndSerialNumber(
objects = find_objects(token, sessionOpt,
cert_template, ctsize,
1, statusOpt);
}
else {
} else {
objects = find_objects_by_template(token, sessionOpt,
cert_template, ctsize,
1, statusOpt);
@ -869,8 +848,7 @@ nssToken_FindCertificateByIssuerAndSerialNumber(
objects = find_objects(token, sessionOpt,
cert_template, ctsize,
1, statusOpt);
}
else {
} else {
objects = find_objects_by_template(token, sessionOpt,
cert_template, ctsize,
1, statusOpt);
@ -900,8 +878,7 @@ nssToken_FindCertificateByEncodedCertificate(
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
else if (searchType == nssTokenSearchType_TokenOnly) {
} else if (searchType == nssTokenSearchType_TokenOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
@ -935,8 +912,7 @@ nssToken_FindPrivateKeys(
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_privkey);
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
else if (searchType == nssTokenSearchType_TokenOnly) {
} else if (searchType == nssTokenSearchType_TokenOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
@ -1094,8 +1070,7 @@ nssToken_ImportTrust(
NSS_CK_TEMPLATE_START(trust_tmpl, attr, tsize);
if (asTokenObject) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
else {
} else {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, tobjc);
@ -1111,8 +1086,7 @@ nssToken_ImportTrust(
if (stepUpApproved) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
&g_ck_true);
}
else {
} else {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
&g_ck_false);
}
@ -1185,8 +1159,7 @@ nssToken_ImportCRL(
NSS_CK_TEMPLATE_START(crl_tmpl, attr, crlsize);
if (asTokenObject) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
else {
} else {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc);
@ -1195,8 +1168,7 @@ nssToken_ImportCRL(
NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_URL, url);
if (isKRL) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_true);
}
else {
} else {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_false);
}
NSS_CK_TEMPLATE_FINISH(crl_tmpl, attr, crlsize);
@ -1235,9 +1207,8 @@ nssToken_FindCRLsBySubject(
NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size);
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
else if (searchType == nssTokenSearchType_TokenOnly ||
searchType == nssTokenSearchType_TokenForced) {
} else if (searchType == nssTokenSearchType_TokenOnly ||
searchType == nssTokenSearchType_TokenForced) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc);
@ -1488,9 +1459,8 @@ nssToken_TraverseCertificates(
NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
else if (searchType == nssTokenSearchType_TokenOnly ||
searchType == nssTokenSearchType_TokenForced) {
} else if (searchType == nssTokenSearchType_TokenOnly ||
searchType == nssTokenSearchType_TokenForced) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);

26
security/nss/lib/dev/devutil.c
Просмотреть файл

@ -173,7 +173,7 @@ nssCryptokiObjectArray_Destroy(
/* object cache for token */
typedef struct
{
{
NSSArena *arena;
nssCryptokiObject *object;
CK_ATTRIBUTE_PTR attributes;
@ -315,8 +315,7 @@ create_object_array(
*doObjects = PR_FALSE;
*status = PR_FAILURE;
*numObjects = 0;
}
else {
} else {
rvOandA = nss_ZNEWARRAY(NULL,
nssCryptokiObjectAndAttributes *,
*numObjects + 1);
@ -437,16 +436,14 @@ search_for_objects(
/* Either no state change, or went from !logged in -> logged in */
cache->loggedIn = PR_TRUE;
doSearch = PR_TRUE;
}
else {
} else {
if (cache->loggedIn) {
/* went from logged in -> !logged in, destroy cached objects */
clear_cache(cache);
cache->loggedIn = PR_FALSE;
} /* else no state change, still not logged in, so exit */
}
}
else {
} else {
/* slot is friendly, thus always available for search */
doSearch = PR_TRUE;
}
@ -578,8 +575,7 @@ get_token_objects_for_cache(
}
if (status == PR_SUCCESS) {
nss_ZFreeIf(objects);
}
else {
} else {
PRUint32 j;
for (j = 0; j < i; j++) {
/* sigh */
@ -824,8 +820,7 @@ nssTokenObjectCache_GetObjectAttributes(
atemplate[i].ulValueLen < attr->ulValueLen) {
goto loser;
}
}
else {
} else {
atemplate[i].pValue = nss_ZAlloc(arena, attr->ulValueLen);
if (!atemplate[i].pValue) {
goto loser;
@ -906,15 +901,13 @@ nssTokenObjectCache_ImportObject(
(*oa)->object->token = NULL;
nssCryptokiObject_Destroy((*oa)->object);
nssArena_Destroy((*oa)->arena);
}
else {
} else {
/* Create space for a new entry */
if (count > 0) {
*otype = nss_ZREALLOCARRAY(*otype,
nssCryptokiObjectAndAttributes *,
count + 2);
}
else {
} else {
*otype = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, 2);
}
}
@ -922,8 +915,7 @@ nssTokenObjectCache_ImportObject(
nssCryptokiObject *copyObject = nssCryptokiObject_Clone(object);
(*otype)[count] = create_object_of_type(copyObject, objectType,
&status);
}
else {
} else {
status = PR_FAILURE;
}
PZ_Unlock(cache->lock);

6
security/nss/lib/ssl/authcert.c
Просмотреть файл

@ -45,13 +45,11 @@ NSS_GetClientAuthData(void *arg,
privkey = PK11_FindKeyByAnyCert(cert, proto_win);
if (privkey) {
rv = SECSuccess;
}
else {
} else {
CERT_DestroyCertificate(cert);
}
}
}
else { /* no name given, automatically find the right cert. */
} else { /* no name given, automatically find the right cert. */
CERTCertNicknames *names;
int i;

9
security/nss/lib/ssl/cmpcert.c
Просмотреть файл

@ -52,8 +52,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
if (rv == SECSuccess) {
compatIssuerName.data = &issuerName.data[headerlen];
compatIssuerName.len = issuerName.len - headerlen;
}
else {
} else {
compatIssuerName.data = NULL;
compatIssuerName.len = 0;
}
@ -64,8 +63,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
rv = SECSuccess;
CERT_DestroyCertificate(curcert);
goto done;
}
else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
} else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
rv = SECSuccess;
CERT_DestroyCertificate(curcert);
goto done;
@ -79,8 +77,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
&curcert->derIssuer);
CERT_DestroyCertificate(oldcert);
depth++;
}
else {
} else {
CERT_DestroyCertificate(curcert);
curcert = NULL;
}

91
security/nss/lib/ssl/derive.c
Просмотреть файл

@ -160,8 +160,7 @@ ssl3_KeyAndMacDeriveBypass(
if (isTLS12) {
status = TLS_P_hash(HASH_AlgSHA256, &pwSpec->msItem,
"key expansion", &srcr, &keyblk, isFIPS);
}
else {
} else {
status = TLS_PRF(&pwSpec->msItem, "key expansion", &srcr, &keyblk,
isFIPS);
}
@ -169,8 +168,7 @@ ssl3_KeyAndMacDeriveBypass(
goto key_and_mac_derive_fail;
}
block_bytes = keyblk.len;
}
else {
} else {
/* key_block =
* MD5(master_secret + SHA('A' + master_secret +
* ServerHello.random + ClientHello.random)) +
@ -215,41 +213,40 @@ ssl3_KeyAndMacDeriveBypass(
* The key_block is partitioned as follows:
* client_write_MAC_secret[CipherSpec.hash_size]
*/
buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item, \
buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item,
"Client Write MAC Secret");
i += macSize;
/*
* server_write_MAC_secret[CipherSpec.hash_size]
*/
buildSSLKey(&key_block[i], macSize, &pwSpec->server.write_mac_key_item, \
buildSSLKey(&key_block[i], macSize, &pwSpec->server.write_mac_key_item,
"Server Write MAC Secret");
i += macSize;
if (!keySize) {
/* only MACing */
buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, \
buildSSLKey(NULL, 0, &pwSpec->client.write_key_item,
"Client Write Key (MAC only)");
buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, \
buildSSLKey(NULL, 0, &pwSpec->server.write_key_item,
"Server Write Key (MAC only)");
buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, \
buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item,
"Client Write IV (MAC only)");
buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, \
buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item,
"Server Write IV (MAC only)");
}
else if (!isExport) {
} else if (!isExport) {
/*
** Generate Domestic write keys and IVs.
** client_write_key[CipherSpec.key_material]
*/
buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, \
buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item,
"Domestic Client Write Key");
i += keySize;
/*
** server_write_key[CipherSpec.key_material]
*/
buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, \
buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item,
"Domestic Server Write Key");
i += keySize;
@ -257,34 +254,32 @@ ssl3_KeyAndMacDeriveBypass(
if (explicitIV) {
static unsigned char zero_block[32];
PORT_Assert(IVSize <= sizeof zero_block);
buildSSLKey(&zero_block[0], IVSize, \
&pwSpec->client.write_iv_item, \
buildSSLKey(&zero_block[0], IVSize,
&pwSpec->client.write_iv_item,
"Domestic Client Write IV");
buildSSLKey(&zero_block[0], IVSize, \
&pwSpec->server.write_iv_item, \
buildSSLKey(&zero_block[0], IVSize,
&pwSpec->server.write_iv_item,
"Domestic Server Write IV");
}
else {
} else {
/*
** client_write_IV[CipherSpec.IV_size]
*/
buildSSLKey(&key_block[i], IVSize, \
&pwSpec->client.write_iv_item, \
buildSSLKey(&key_block[i], IVSize,
&pwSpec->client.write_iv_item,
"Domestic Client Write IV");
i += IVSize;
/*
** server_write_IV[CipherSpec.IV_size]
*/
buildSSLKey(&key_block[i], IVSize, \
&pwSpec->server.write_iv_item, \
buildSSLKey(&key_block[i], IVSize,
&pwSpec->server.write_iv_item,
"Domestic Server Write IV");
i += IVSize;
}
}
PORT_Assert(i <= block_bytes);
}
else if (!isTLS) {
} else if (!isTLS) {
/*
** Generate SSL3 Export write keys and IVs.
*/
@ -300,7 +295,7 @@ ssl3_KeyAndMacDeriveBypass(
MD5_Update(md5Ctx, crsr.data, crsr.len);
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
i += effKeySize;
buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item,
"SSL3 Export Client Write Key");
key_block2 += keySize;
@ -314,7 +309,7 @@ ssl3_KeyAndMacDeriveBypass(
MD5_Update(md5Ctx, srcr.data, srcr.len);
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
i += effKeySize;
buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item,
"SSL3 Export Server Write Key");
key_block2 += keySize;
PORT_Assert(i <= block_bytes);
@ -327,7 +322,7 @@ ssl3_KeyAndMacDeriveBypass(
MD5_Begin(md5Ctx);
MD5_Update(md5Ctx, crsr.data, crsr.len);
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, \
buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item,
"SSL3 Export Client Write IV");
key_block2 += IVSize;
@ -338,14 +333,13 @@ ssl3_KeyAndMacDeriveBypass(
MD5_Begin(md5Ctx);
MD5_Update(md5Ctx, srcr.data, srcr.len);
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, \
buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item,
"SSL3 Export Server Write IV");
key_block2 += IVSize;
}
PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
}
else {
} else {
/*
** Generate TLS Export write keys and IVs.
*/
@ -369,7 +363,7 @@ ssl3_KeyAndMacDeriveBypass(
if (status != SECSuccess) {
goto key_and_mac_derive_fail;
}
buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item,
"TLS Export Client Write Key");
key_block2 += keySize;
@ -388,7 +382,7 @@ ssl3_KeyAndMacDeriveBypass(
if (status != SECSuccess) {
goto key_and_mac_derive_fail;
}
buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item,
"TLS Export Server Write Key");
key_block2 += keySize;
@ -406,11 +400,11 @@ ssl3_KeyAndMacDeriveBypass(
if (status != SECSuccess) {
goto key_and_mac_derive_fail;
}
buildSSLKey(key_block2, IVSize, \
&pwSpec->client.write_iv_item, \
buildSSLKey(key_block2, IVSize,
&pwSpec->client.write_iv_item,
"TLS Export Client Write IV");
buildSSLKey(key_block2 + IVSize, IVSize, \
&pwSpec->server.write_iv_item, \
buildSSLKey(key_block2 + IVSize, IVSize,
&pwSpec->server.write_iv_item,
"TLS Export Server Write IV");
key_block2 += 2 * IVSize;
}
@ -485,15 +479,13 @@ ssl3_MasterSecretDeriveBypass(
if (isTLS12) {
rv = TLS_P_hash(HASH_AlgSHA256, pms, "master secret", &crsr,
&master, isFIPS);
}
else {
} else {
rv = TLS_PRF(pms, "master secret", &crsr, &master, isFIPS);
}
if (rv != SECSuccess) {
PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
}
}
else {
} else {
int i;
unsigned int made = 0;
for (i = 0; i < 3; i++) {
@ -552,8 +544,7 @@ ssl_canExtractMS(PK11SymKey *pms, PRBool isTLS, PRBool isDH, PRBool *pcbp)
master_derive = CKM_TLS_MASTER_KEY_DERIVE;
key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
keyFlags = CKF_SIGN | CKF_VERIFY;
}
else {
} else {
if (isDH)
master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH;
else
@ -689,8 +680,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
if (protocolmask & SSL_CBP_SSL3) {
isTLS = PR_FALSE;
protocolmask ^= SSL_CBP_SSL3;
}
else {
} else {
isTLS = PR_TRUE;
protocolmask ^= SSL_CBP_TLS1_0;
}
@ -700,8 +690,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
*pcanbypass = PR_FALSE;
rv = SECSuccess;
break;
}
else
} else
testrsa = PR_TRUE;
}
for (; privKeytype == rsaKey && testrsa;) {
@ -781,8 +770,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
if (privKeytype == ecKey && testecdhe) {
/* TLS_ECDHE_ECDSA */
pecParams = &srvPubkey->u.ec.DEREncodedParams;
}
else if (privKeytype == rsaKey && testecdhe) {
} else if (privKeytype == rsaKey && testecdhe) {
/* TLS_ECDHE_RSA */
ECName ec_curve;
int serverKeyStrengthInBits;
@ -830,8 +818,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
rv = SECFailure;
break;
}
}
else {
} else {
/* TLS_ECDH_ECDSA */
keapub = srvPubkey;
keapriv = srvPrivkey;

44
security/nss/lib/ssl/dtlscon.c
Просмотреть файл

@ -287,16 +287,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
/* Do not attempt to process rest of messages in this record */
break;
}
}
else {
} else {
if (message_seq < ss->ssl3.hs.recvMessageSeq) {
/* Case 3: we do an immediate retransmit if we're
* in a waiting state*/
if (ss->ssl3.hs.rtTimerCb == NULL) {
/* Ignore */
}
else if (ss->ssl3.hs.rtTimerCb ==
dtls_RetransmitTimerExpiredCb) {
} else if (ss->ssl3.hs.rtTimerCb ==
dtls_RetransmitTimerExpiredCb) {
SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected",
SSL_GETPID(), ss->fd));
/* Check to see if we retransmitted recently. If so,
@ -316,16 +314,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
dtls_RetransmitTimerExpiredCb(ss);
rv = SECSuccess;
break;
}
else {
} else {
SSL_TRC(30,
("%d: SSL3[%d]: We just retransmitted. Ignoring.",
SSL_GETPID(), ss->fd));
rv = SECSuccess;
break;
}
}
else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
} else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
/* Retransmit the messages and re-arm the timer
* Note that we are not backing off the timer here.
* The spec isn't clear and my reasoning is that this
@ -340,8 +336,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
return rv;
break;
}
}
else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
} else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
/* Case 2
*
* Ignore this message. This means we don't handle out of
@ -350,8 +345,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
*
* XXX OK for now. Maybe do something smarter at some point?
*/
}
else {
} else {
/* Case 1
*
* Buffer the fragment for reassembly
@ -410,8 +404,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
* fragment */
ss->ssl3.hs.recvdHighWater = fragment_offset +
fragment_length;
}
else {
} else {
for (offset = fragment_offset;
offset < fragment_offset + fragment_length;
offset++) {
@ -429,8 +422,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] &
OFFSET_MASK(offset)) {
ss->ssl3.hs.recvdHighWater++;
}
else {
} else {
break;
}
}
@ -491,8 +483,7 @@ dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
if (!msg) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
rv = SECFailure;
}
else {
} else {
PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
}
@ -659,8 +650,7 @@ dtls_TransmitMessageFlight(sslSocket *ss)
}
room_left = ss->ssl3.mtu - ss->pendingBuf.len;
}
else {
} else {
/* The message will not fit, so fragment.
*
* XXX OK for now. Arrange to coalesce the last fragment
@ -825,8 +815,7 @@ dtls_CompressMACEncryptRecord(sslSocket *ss,
cwSpec = ss->ssl3.pwSpec;
else
cwSpec = NULL;
}
else {
} else {
cwSpec = ss->ssl3.cwSpec;
}
@ -835,12 +824,10 @@ dtls_CompressMACEncryptRecord(sslSocket *ss,
rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE,
PR_FALSE, type, pIn, contentLen,
wrBuf);
}
else {
} else {
rv = tls13_ProtectRecord(ss, type, pIn, contentLen, wrBuf);
}
}
else {
} else {
PR_NOT_REACHED("Couldn't find a cipher spec matching epoch");
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
}
@ -1160,8 +1147,7 @@ DTLS_GetHandshakeTimeout(PRFileDesc *socket, PRIntervalTime *timeout)
if (elapsed > desired) {
/* Timer expired */
*timeout = PR_INTERVAL_NO_WAIT;
}
else {
} else {
*timeout = desired - elapsed;
}

2
security/nss/lib/ssl/os2_err.c
Просмотреть файл

@ -148,7 +148,7 @@ nss_MD_os2_map_send_error(PRInt32 err)
{
PRErrorCode prError;
switch (err) {
// case WSAEMSGSIZE: prError = PR_INVALID_ARGUMENT_ERROR; break;
// case WSAEMSGSIZE: prError = PR_INVALID_ARGUMENT_ERROR; break;
default:
nss_MD_os2_map_default_error(err);
return;

534
security/nss/lib/ssl/ssl3con.c
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

35
security/nss/lib/ssl/ssl3ecc.c
Просмотреть файл

@ -252,8 +252,7 @@ ssl3_ComputeECDHKeyHash(SSLHashType hashAlg,
bufLen = 2 * SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len;
if (bufLen <= sizeof buf) {
hashBuf = buf;
}
else {
} else {
hashBuf = PORT_Alloc(bufLen);
if (!hashBuf) {
return SECFailure;
@ -322,11 +321,9 @@ ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
if (isTLS12) {
target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
}
else if (isTLS) {
} else if (isTLS) {
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
}
else {
} else {
target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
}
@ -449,11 +446,9 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
if (isTLS12) {
target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
}
else if (isTLS) {
} else if (isTLS) {
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
}
else {
} else {
target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
}
@ -603,8 +598,7 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss)
return ec_noName;
}
signatureKeyStrength = curve2bits[ec_curve];
}
else {
} else {
/* RSA is our signing cert */
int serverKeyStrengthInBits;
@ -931,8 +925,7 @@ ssl3_SendECDHServerKeyExchange(
if (ss->opt.reuseServerECDHEKey) {
rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
}
else {
} else {
rv = ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair);
}
if (rv != SECSuccess) {
@ -953,8 +946,7 @@ ssl3_SendECDHServerKeyExchange(
ec_params.data[0] = ec_type_named;
ec_params.data[1] = 0x00;
ec_params.data[2] = curve;
}
else {
} else {
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
goto loser;
}
@ -1153,8 +1145,7 @@ ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss)
if (!svrCert) {
ssl3_DisableECCSuites(ss, ecdh_suites);
ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
}
else {
} else {
SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
switch (sigTag) {
@ -1224,12 +1215,14 @@ static const PRUint8 suiteBECList[] = {
/* Prefabricated TLS client hello extension, Elliptic Curves List,
* offers curves 1-25.
*/
/* clang-format off */
static const PRUint8 tlsECList[] = {
1, 2, 3, 4, 5, 6, 7, 8,
9, 10, 11, 12, 13, 14, 15, 16,
17, 18, 19, 20, 21, 22, 23, 24,
25
};
/* clang-format on */
static const PRUint8 ecPtFmt[6] = {
BE(11), /* Extension type */
@ -1295,8 +1288,7 @@ ssl3_SendSupportedCurvesXtn(
APPEND_CURVE(suiteBECList[i]);
}
ecListSize = pos;
}
else {
} else {
for (i = 0; i < sizeof(tlsECList); i++) {
APPEND_CURVE(tlsECList[i]);
}
@ -1343,8 +1335,7 @@ ssl3_GetSupportedECCurveMask(sslSocket *ss)
if (ssl3_SuiteBOnly(ss)) {
curves = SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
}
else {
} else {
curves = SSL3_ALL_SUPPORTED_CURVES_MASK;
}

79
security/nss/lib/ssl/ssl3ext.c
Просмотреть файл

@ -319,6 +319,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = {
static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] =
{
{ ssl_server_name_xtn, &ssl3_SendServerNameXtn },
{ ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn },
{ ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
#ifndef NSS_DISABLE_ECC
{ ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
@ -331,7 +332,6 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS]
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
{ ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn },
{ ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn },
{ ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn },
/* any extra entries will appear as { 0, NULL } */
@ -570,12 +570,11 @@ ssl3_SendSessionTicketXtn(
if (session_ticket->ticket.data) {
if (ss->xtnData.ticketTimestampVerified) {
extension_length += session_ticket->ticket.len;
}
else if (!append &&
(session_ticket->ticket_lifetime_hint == 0 ||
(session_ticket->ticket_lifetime_hint +
session_ticket->received_timestamp >
ssl_Time()))) {
} else if (!append &&
(session_ticket->ticket_lifetime_hint == 0 ||
(session_ticket->ticket_lifetime_hint +
session_ticket->received_timestamp >
ssl_Time()))) {
extension_length += session_ticket->ticket.len;
ss->xtnData.ticketTimestampVerified = PR_TRUE;
}
@ -598,8 +597,7 @@ ssl3_SendSessionTicketXtn(
session_ticket->ticket.len, 2);
ss->xtnData.ticketTimestampVerified = PR_FALSE;
ss->xtnData.sentSessionTicketInClientHello = PR_TRUE;
}
else {
} else {
rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
}
if (rv != SECSuccess)
@ -906,8 +904,7 @@ ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
if (i <= len) {
memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
}
else {
} else {
/* This seems to be invalid data so we'll send as-is. */
memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
}
@ -1015,8 +1012,7 @@ ssl3_ServerSendStatusRequestXtn(
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
effectiveExchKeyType = ssl_kea_rsa;
}
else {
} else {
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
}
@ -1170,8 +1166,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
if (ss->opt.bypassPKCS11) {
rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
&mac_key, &mac_key_length);
}
else
} else
#endif
{
rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
@ -1185,8 +1180,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
ms_item.data = ss->ssl3.pwSpec->msItem.data;
ms_item.len = ss->ssl3.pwSpec->msItem.len;
ms_is_wrapped = PR_FALSE;
}
else {
} else {
/* Extract the master secret wrapped. */
sslSessionID sid;
PORT_Memset(&sid, 0, sizeof(sslSessionID));
@ -1194,8 +1188,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
effectiveExchKeyType = kt_rsa;
}
else {
} else {
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
}
@ -1209,8 +1202,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
ms_item.data = wrapped_ms;
ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
msWrapMech = sid.u.ssl3.masterWrapMech;
}
else {
} else {
/* TODO: else send an empty ticket. */
goto loser;
}
@ -1326,8 +1318,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
ss->sec.ci.sid->peerCert->derCert.len);
if (rv != SECSuccess)
goto loser;
}
else {
} else {
rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
if (rv != SECSuccess)
goto loser;
@ -1352,8 +1343,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
rv = ssl3_AppendToItem(&plaintext, srvName->data, srvName->len);
if (rv != SECSuccess)
goto loser;
}
else {
} else {
/* No Name */
rv = ssl3_AppendNumberToItem(&plaintext, (char)TLS_STE_NO_SERVER_NAME, 1);
if (rv != SECSuccess)
@ -1389,8 +1379,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
plaintext_item.len);
if (rv != SECSuccess)
goto loser;
}
else
} else
#endif
{
aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
@ -1427,8 +1416,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
sizeof(computed_mac));
}
else
} else
#endif
{
SECItem macParam;
@ -1544,8 +1532,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
*/
if (data->len == 0) {
ss->xtnData.emptySessionTicket = PR_TRUE;
}
else {
} else {
PRUint32 i;
SECItem extension_data;
EncryptedSessionTicket enc_session_ticket;
@ -1601,8 +1588,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
if (ss->opt.bypassPKCS11) {
rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
&mac_key, &mac_key_length);
}
else
} else
#endif
{
rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
@ -1640,8 +1626,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
sizeof(computed_mac)) != SECSuccess)
goto no_ticket;
}
else
} else
#endif
{
SECItem macParam;
@ -1653,8 +1638,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
SSL_GETPID(), ss->fd, PORT_GetError()));
goto no_ticket;
}
else {
} else {
SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
SSL_GETPID(), ss->fd));
}
@ -1708,8 +1692,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
enc_session_ticket.encrypted_state.len);
if (rv != SECSuccess)
goto no_ticket;
}
else
} else
#endif
{
SECItem ivItem;
@ -2050,8 +2033,7 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length,
case server_hello:
if (ss->version > SSL_LIBRARY_VERSION_3_0) {
handlers = serverHelloHandlersTLS;
}
else {
} else {
handlers = serverHelloHandlersSSL3;
}
break;
@ -2131,13 +2113,11 @@ ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
ssl3HelloExtensionSender *sender;
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
sender = &ss->xtnData.serverHelloSenders[0];
}
else {
} else {
if (tls13_ExtensionAllowed(ex_type, server_hello)) {
PORT_Assert(!tls13_ExtensionAllowed(ex_type, encrypted_extensions));
sender = &ss->xtnData.serverHelloSenders[0];
}
else {
} else {
PORT_Assert(tls13_ExtensionAllowed(ex_type, encrypted_extensions));
sender = &ss->xtnData.encryptedExtensionsSenders[0];
}
@ -2172,8 +2152,7 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
if (!sender) {
if (ss->version > SSL_LIBRARY_VERSION_3_0) {
sender = &clientHelloSendersTLS[0];
}
else {
} else {
sender = &clientHelloSendersSSL3[0];
}
}
@ -2884,8 +2863,7 @@ ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
goto loser;
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_signed_cert_timestamp_xtn;
}
else if (maxBytes < extension_length) {
} else if (maxBytes < extension_length) {
PORT_Assert(0);
return 0;
}
@ -2932,8 +2910,7 @@ ssl3_ServerSendSignedCertTimestampXtn(sslSocket *ss,
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
effectiveExchKeyType = ssl_kea_rsa;
}
else {
} else {
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
}

27
security/nss/lib/ssl/ssl3gthr.c
Просмотреть файл

@ -59,14 +59,12 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
if (nb > 0) {
PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
}
else if (nb == 0) {
} else if (nb == 0) {
/* EOF */
SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
rv = 0;
break;
}
else /* if (nb < 0) */ {
} else /* if (nb < 0) */ {
SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
PR_GetError()));
rv = SECFailure;
@ -194,14 +192,12 @@ dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
if (nb > 0) {
PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb));
}
else if (nb == 0) {
} else if (nb == 0) {
/* EOF */
SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
rv = 0;
return rv;
}
else /* if (nb < 0) */ {
} else /* if (nb < 0) */ {
SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
PR_GetError()));
rv = SECFailure;
@ -314,8 +310,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
if (ss->ssl3.hs.msgState.buf) {
if (ss->ssl3.hs.msgState.len == 0) {
ss->ssl3.hs.msgState.buf = NULL;
}
else {
} else {
handleRecordNow = PR_TRUE;
}
}
@ -329,8 +324,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
* handshake record.
*/
rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
}
else {
} else {
/* bring in the next sslv3 record. */
if (ss->recvdCloseNotify) {
/* RFC 5246 Section 7.2.1:
@ -340,8 +334,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
}
if (!IS_DTLS(ss)) {
rv = ssl3_GatherData(ss, &ss->gs, flags);
}
else {
} else {
rv = dtls_GatherData(ss, &ss->gs, flags);
/* If we got a would block error, that means that no data was
@ -412,8 +405,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
PORT_Assert(ss->firstHsDone);
PORT_Assert(!ss->ssl3.hs.canFalseStart);
keepGoing = PR_FALSE;
}
else if (ss->ssl3.hs.canFalseStart) {
} else if (ss->ssl3.hs.canFalseStart) {
/* Prioritize sending application data over trying to complete
* the handshake if we're false starting.
*
@ -426,8 +418,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
if (ssl3_WaitingForServerSecondRound(ss)) {
keepGoing = PR_FALSE;
}
else {
} else {
ss->ssl3.hs.canFalseStart = PR_FALSE;
}
}

12
security/nss/lib/ssl/sslauth.c
Просмотреть файл

@ -123,8 +123,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
if (ss->opt.useSecurity && ss->enoughFirstHsDone) {
if (ss->version < SSL_LIBRARY_VERSION_3_0) {
cipherName = ssl_cipherName[ss->sec.cipherType];
}
else {
} else {
cipherName = ssl3_cipherName[ss->sec.cipherType];
}
PORT_Assert(cipherName);
@ -150,11 +149,9 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
if (op) {
if (ss->sec.keyBits == 0) {
*op = SSL_SECURITY_STATUS_OFF;
}
else if (ss->sec.secretKeyBits < 90) {
} else if (ss->sec.secretKeyBits < 90) {
*op = SSL_SECURITY_STATUS_ON_LOW;
}
else {
} else {
*op = SSL_SECURITY_STATUS_ON_HIGH;
}
}
@ -170,8 +167,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
if (sp) {
*sp = CERT_NameToAscii(&cert->subject);
}
}
else {
} else {
if (ip) {
*ip = PORT_Strdup("no certificate");
}

91
security/nss/lib/ssl/sslcon.c
Просмотреть файл

@ -142,9 +142,8 @@ ssl2_ConstructCipherSpecs(sslSocket *ss)
count = 0;
PORT_Assert(ss != 0);
allowed = !ss->opt.enableSSL2 ? 0 :
(ss->allowedByPolicy &
ss->chosenPreference & SSL_CB_IMPLEMENTED);
allowed = !ss->opt.enableSSL2 ? 0 : (ss->allowedByPolicy &
ss->chosenPreference & SSL_CB_IMPLEMENTED);
while (allowed) {
if (allowed & 1)
++count;
@ -179,9 +178,8 @@ ssl2_ConstructCipherSpecs(sslSocket *ss)
ss->sizeCipherSpecs = count * 3;
/* fill in cipher specs for SSL2 cipher suites */
allowed = !ss->opt.enableSSL2 ? 0 :
(ss->allowedByPolicy &
ss->chosenPreference & SSL_CB_IMPLEMENTED);
allowed = !ss->opt.enableSSL2 ? 0 : (ss->allowedByPolicy &
ss->chosenPreference & SSL_CB_IMPLEMENTED);
for (i = 0; i < ssl2_NUM_SUITES_IMPLEMENTED * 3; i += 3) {
const PRUint8 *hs = implementedCipherSuites + i;
int ok = allowed & (1U << hs[0]);
@ -267,12 +265,10 @@ ssl2_SetPolicy(PRInt32 which, PRInt32 policy)
if (policy == SSL_ALLOWED) {
allowedByPolicy |= bitMask;
maybeAllowedByPolicy |= bitMask;
}
else if (policy == SSL_RESTRICTED) {
} else if (policy == SSL_RESTRICTED) {
allowedByPolicy &= ~bitMask;
maybeAllowedByPolicy |= bitMask;
}
else {
} else {
allowedByPolicy &= ~bitMask;
maybeAllowedByPolicy &= ~bitMask;
}
@ -301,8 +297,7 @@ ssl2_GetPolicy(PRInt32 which, PRInt32 *oPolicy)
if (maybeAllowedByPolicy & bitMask) {
policy = (allowedByPolicy & bitMask) ? SSL_ALLOWED : SSL_RESTRICTED;
}
else {
} else {
policy = SSL_NOT_ALLOWED;
}
@ -617,8 +612,7 @@ ssl2_SendServerFinishedMessage(sslSocket *ss)
if (ss->sec.uncache)
(*ss->sec.uncache)(sid);
rv = (SECStatus)sent;
}
else if (!ss->opt.noCache) {
} else if (!ss->opt.noCache) {
if (sid->cached == never_cached) {
(*ss->sec.cache)(sid);
}
@ -873,8 +867,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
if (rv < 0) {
if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
rv = 0;
}
else {
} else {
/* Return short write if some data already went out... */
if (count == 0)
count = rv;
@ -887,8 +880,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
if (ssl_SaveWriteData(ss, out + rv, amount + 2 - rv) ==
SECFailure) {
count = SECFailure;
}
else {
} else {
count += amount;
ss->sec.sendSequence++;
}
@ -973,8 +965,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
"saving data",
SSL_GETPID(), ss->fd));
rv = 0;
}
else {
} else {
SSL_TRC(10, ("%d: SSL[%d]: send stream error %d",
SSL_GETPID(), ss->fd, PORT_GetError()));
/* Return short write if some data already went out... */
@ -988,8 +979,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
/* Short write. Save the data and return. */
if (ssl_SaveWriteData(ss, out + rv, buflen - rv) == SECFailure) {
count = SECFailure;
}
else {
} else {
count += amount;
ss->sec.sendSequence++;
}
@ -1048,8 +1038,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
hlen = 3;
padding = ss->sec.blockSize - padding;
nout += padding;
}
else {
} else {
hlen = 2;
}
buflen = hlen + nout;
@ -1067,8 +1056,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
*op++ = MSB(nout);
*op++ = LSB(nout);
*op++ = padding;
}
else {
} else {
*op++ = 0x80 | MSB(nout);
*op++ = LSB(nout);
}
@ -1105,8 +1093,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
if (rv < 0) {
if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
rv = 0;
}
else {
} else {
SSL_TRC(10, ("%d: SSL[%d]: send block error %d",
SSL_GETPID(), ss->fd, PORT_GetError()));
/* Return short write if some data already went out... */
@ -1120,8 +1107,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
/* Short write. Save the data and return. */
if (ssl_SaveWriteData(ss, out + rv, op - out - rv) == SECFailure) {
count = SECFailure;
}
else {
} else {
count += amount;
ss->sec.sendSequence++;
}
@ -1226,8 +1212,7 @@ ssl_GatherRecord1stHandshake(sslSocket *ss)
if ((ss->version >= SSL_LIBRARY_VERSION_3_0) || IS_DTLS(ss)) {
/* Wait for handshake to complete, or application data to arrive. */
rv = ssl3_GatherCompleteHandshake(ss, 0);
}
else {
} else {
/* See if we have a complete record */
rv = ssl2_GatherRecord(ss, 0);
}
@ -1886,12 +1871,10 @@ ssl2_ChooseSessionCypher(sslSocket *ss,
if ((ohs[0] == SSL_CK_RC4_128_WITH_MD5) ||
(ohs[0] == SSL_CK_RC2_128_CBC_WITH_MD5)) {
PORT_SetError(SSL_ERROR_US_ONLY_SERVER);
}
else if ((ohs[0] == SSL_CK_RC4_128_EXPORT40_WITH_MD5) ||
(ohs[0] == SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)) {
} else if ((ohs[0] == SSL_CK_RC4_128_EXPORT40_WITH_MD5) ||
(ohs[0] == SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)) {
PORT_SetError(SSL_ERROR_EXPORT_ONLY_SERVER);
}
else {
} else {
PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
}
SSL_DBG(("%d: SSL[%d]: no cipher overlap", SSL_GETPID(), ss->fd));
@ -2223,8 +2206,7 @@ ssl2_TryToFinish(sslSocket *ss)
if (ss->sec.isServer) {
/* Send server finished message if we already didn't */
rv = ssl2_SendServerFinishedMessage(ss);
}
else {
} else {
/* Send client finished message if we already didn't */
rv = ssl2_SendClientFinishedMessage(ss);
}
@ -2469,8 +2451,8 @@ ssl2_HandleClientCertificate(sslSocket *ss,
goto loser;
/* Now ask the server application if it likes the certificate... */
rv = (SECStatus) (*ss->authCertificate)(ss->authCertificateArg,
ss->fd, PR_TRUE, PR_TRUE);
rv = (SECStatus)(*ss->authCertificate)(ss->authCertificateArg,
ss->fd, PR_TRUE, PR_TRUE);
/* Hey, it liked it. */
if (SECSuccess == rv)
goto done;
@ -2612,8 +2594,7 @@ ssl2_HandleMessage(sslSocket *ss)
ss->gs.recordLen) {
/* prevent overflow crash. */
rv = SECFailure;
}
else
} else
rv = ssl2_HandleClientCertificate(ss, data[1],
data + SSL_HL_CLIENT_CERTIFICATE_HBYTES,
certLen,
@ -2795,8 +2776,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
SSL_TRC(3, ("%d: SSL[%d]: demoting self (%x) to server version (%x)",
SSL_GETPID(), ss->fd, SSL_LIBRARY_VERSION_2,
ss->version));
}
else {
} else {
SSL_TRC(1, ("%d: SSL[%d]: server version is %x (we are %x)",
SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
/* server claims to be newer but does not follow protocol */
@ -2845,8 +2825,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
if (rv != SECSuccess) {
goto loser;
}
}
else {
} else {
if (certType != SSL_CT_X509_CERTIFICATE) {
PORT_SetError(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
goto loser;
@ -2916,8 +2895,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
SSL_GETPID(), ss->fd));
PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
rv = SECFailure;
}
else {
} else {
/* cert is bad */
SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
SSL_GETPID(), ss->fd, PORT_GetError()));
@ -2925,8 +2903,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
goto loser;
}
/* cert is good */
}
else {
} else {
SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
SSL_GETPID(), ss->fd, PORT_GetError()));
goto loser;
@ -3032,8 +3009,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
/* Try to find server in our session-id cache */
if (ss->opt.noCache) {
sid = NULL;
}
else {
} else {
sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID,
ss->url);
}
@ -3434,8 +3410,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
** knows whats up.
*/
ss->version = SSL_LIBRARY_VERSION_2;
}
else {
} else {
SSL_TRC(1, ("%d: SSL[%d]: client version is %x (we are %x)",
SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
@ -3473,8 +3448,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
ss->sec.ci.peer.pr_s6_addr32[2],
ss->sec.ci.peer.pr_s6_addr32[3]));
sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sd, sdLen, ss->dbHandle);
}
else {
} else {
sid = NULL;
}
if (sid) {
@ -3498,8 +3472,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
if (rv != SECSuccess) {
goto loser;
}
}
else {
} else {
SECItem *derCert = &serverCert->derCert;
SSL_TRC(7, ("%d: SSL[%d]: server, lookup nonce missed",

3
security/nss/lib/ssl/ssldef.c
Просмотреть файл

@ -70,8 +70,7 @@ ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
if (rv < 0) {
DEFINE_ERROR
MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR)
}
else if (rv > len) {
} else if (rv > len) {
PORT_Assert(rv <= len);
PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
rv = SECFailure;

17
security/nss/lib/ssl/sslenum.c
Просмотреть файл

@ -48,10 +48,16 @@
*/
const PRUint16 SSL_ImplementedCiphers[] = {
#ifndef NSS_DISABLE_ECC
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
#ifdef __arm__
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
#endif /* __arm__ */
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
#ifndef __arm__
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
#endif /* __arm__ */
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
*/
@ -67,8 +73,13 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
#endif /* NSS_DISABLE_ECC */
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
#ifdef __arm__
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
#endif /* __arm__ */
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
#ifndef __arm__
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
#endif /* __arm__ */
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,

18
security/nss/lib/ssl/sslgathr.c
Просмотреть файл

@ -142,8 +142,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
* be called again by ssl_Do1stHandshake.
*/
return SECWouldBlock;
}
else if (gs->hdr[0] == content_alert) {
} else if (gs->hdr[0] == content_alert) {
if (ss->nextHandshake == ssl2_HandleServerHelloMessage) {
/* XXX This is a hack. We're assuming that any failure
* XXX on the client hello is a failure to match
@ -160,8 +159,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
/* This record has a 2-byte header, and no padding */
gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1];
gs->recordPadding = 0;
}
else {
} else {
/* This record has a 3-byte header that is all read in now. */
gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1];
/* is_escape = (gs->hdr[0] & 0x40) != 0; */
@ -187,8 +185,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
pBuf[0] = gs->hdr[2];
gs->offset = 1;
gs->remainder = gs->count - 1;
}
else {
} else {
gs->offset = 0;
gs->remainder = gs->count;
}
@ -197,8 +194,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
gs->state = GS_MAC;
gs->recordLen = gs->count - gs->recordPadding -
ss->sec.hash->length;
}
else {
} else {
gs->state = GS_DATA;
gs->recordLen = gs->count;
}
@ -286,8 +282,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
rv = SECFailure;
goto cleanup;
}
}
else {
} else {
ssl_ReleaseSpecReadLock(ss); /******************************/
}
@ -296,8 +291,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
gs->readOffset = macLen;
gs->writeOffset = gs->offset - gs->recordPadding;
rv = 1;
}
else {
} else {
PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
cleanup:
/* nothing in the buffer any more. */

11
security/nss/lib/ssl/sslinfo.c
Просмотреть файл

@ -30,7 +30,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
/* Check if we can properly return the length of data written and that
* we're not asked to return more information than we know how to provide.
*/
if (!info || len < sizeof inf.length || len > sizeof inf) {
if (!info || len < sizeof inf.length || len > sizeof inf) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@ -54,8 +54,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
inf.cipherSuite = ss->sec.cipherType | 0xff00;
inf.compressionMethod = ssl_compression_null;
inf.compressionMethodName = "N/A";
}
else if (ss->ssl3.initialized) { /* SSL3 and TLS */
} else if (ss->ssl3.initialized) { /* SSL3 and TLS */
ssl_GetSpecReadLock(ss);
/* XXX The cipher suite should be in the specs and this
* function should get it from cwSpec rather than from the "hs".
@ -81,8 +80,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
inf.sessionIDLength = SSL2_SESSIONID_BYTES;
memcpy(inf.sessionID, sid->u.ssl2.sessionID,
SSL2_SESSIONID_BYTES);
}
else {
} else {
unsigned int sidLen = sid->u.ssl3.sessionIDLength;
sidLen = PR_MIN(sidLen, sizeof inf.sessionID);
inf.sessionIDLength = sidLen;
@ -442,8 +440,7 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
rv = SECFailure;
}
else {
} else {
rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
valLen, out, outLen);
}

6
security/nss/lib/ssl/sslmutex.h
Просмотреть файл

@ -34,8 +34,7 @@
#include <wtypes.h>
typedef struct
{
typedef struct {
PRBool isMultiProcess;
#ifdef WINNT
/* on WINNT we need both the PRLock and the Win32 mutex for fibers */
@ -73,8 +72,7 @@ typedef pid_t sslPID;
#include <sys/types.h> /* for pid_t */
#include <semaphore.h> /* for sem_t, and sem_* functions */
typedef struct
{
typedef struct {
PRBool isMultiProcess;
union {
PRLock *sslLock;

43
security/nss/lib/ssl/sslnonce.c
Просмотреть файл

@ -174,8 +174,7 @@ ssl_DestroySID(sslSessionID *sid)
if (sid->version < SSL_LIBRARY_VERSION_3_0) {
SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
}
else {
} else {
if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
PR_FALSE);
@ -277,28 +276,26 @@ ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID,
SSL_TRC(7, ("SSL: lookup1, throwing sid out, age=%d refs=%d",
now - sid->creationTime, sid->references));
*sidp = sid->next; /* delink it from the list. */
sid->cached = invalid_cache; /* mark not on list. */
ssl_FreeLockedSID(sid); /* drop ref count, free. */
}
else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */
(sid->port == port) && /* server port matches */
/* proxy (peerID) matches */
(((peerID == NULL) && (sid->peerID == NULL)) ||
((peerID != NULL) && (sid->peerID != NULL) &&
PORT_Strcmp(sid->peerID, peerID) == 0)) &&
/* is cacheable */
(sid->version < SSL_LIBRARY_VERSION_3_0 ||
sid->u.ssl3.keys.resumable) &&
/* server hostname matches. */
(sid->urlSvrName != NULL) &&
(0 == PORT_Strcmp(urlSvrName, sid->urlSvrName))) {
*sidp = sid->next; /* delink it from the list. */
sid->cached = invalid_cache; /* mark not on list. */
ssl_FreeLockedSID(sid); /* drop ref count, free. */
} else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */
(sid->port == port) && /* server port matches */
/* proxy (peerID) matches */
(((peerID == NULL) && (sid->peerID == NULL)) ||
((peerID != NULL) && (sid->peerID != NULL) &&
PORT_Strcmp(sid->peerID, peerID) == 0)) &&
/* is cacheable */
(sid->version < SSL_LIBRARY_VERSION_3_0 ||
sid->u.ssl3.keys.resumable) &&
/* server hostname matches. */
(sid->urlSvrName != NULL) &&
(0 == PORT_Strcmp(urlSvrName, sid->urlSvrName))) {
/* Hit */
sid->lastAccessTime = now;
sid->references++;
break;
}
else {
} else {
sidp = &sid->next;
}
}
@ -338,8 +335,7 @@ CacheSID(sslSessionID *sid)
sid->u.ssl2.masterKey.data, sid->u.ssl2.masterKey.len));
PRINT_BUF(8, (0, "cipherArg:",
sid->u.ssl2.cipherArg.data, sid->u.ssl2.cipherArg.len));
}
else {
} else {
if (sid->u.ssl3.sessionIDLength == 0 &&
sid->u.ssl3.locked.sessionTicket.ticket.data == NULL)
return;
@ -447,8 +443,7 @@ ssl_ChooseSessionIDProcs(sslSecurityInfo *sec)
if (sec->isServer) {
sec->cache = ssl_sid_cache;
sec->uncache = ssl_sid_uncache;
}
else {
} else {
sec->cache = CacheSID;
sec->uncache = LockAndUncacheSID;
}

51
security/nss/lib/ssl/sslsecur.c
Просмотреть файл

@ -221,8 +221,7 @@ SSL_ResetHandshake(PRFileDesc *s, PRBool asServer)
if (asServer) {
ss->handshake = ssl2_BeginServerHandshake;
ss->handshaking = sslHandshakingAsServer;
}
else {
} else {
ss->handshake = ssl2_BeginClientHandshake;
ss->handshaking = sslHandshakingAsClient;
}
@ -283,8 +282,7 @@ SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache)
if (ss->version < SSL_LIBRARY_VERSION_3_0) {
PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
rv = SECFailure;
}
else {
} else {
ssl_GetSSL3HandshakeLock(ss);
rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */
ssl_ReleaseSSL3HandshakeLock(ss);
@ -462,18 +460,14 @@ SSL_ForceHandshake(PRFileDesc *fd)
ssl_ReleaseRecvBufLock(ss);
if (gatherResult > 0) {
rv = SECSuccess;
}
else if (gatherResult == 0) {
} else if (gatherResult == 0) {
PORT_SetError(PR_END_OF_FILE_ERROR);
}
else if (gatherResult == SECWouldBlock) {
} else if (gatherResult == SECWouldBlock) {
PORT_SetError(PR_WOULD_BLOCK_ERROR);
}
}
else if (!ss->firstHsDone) {
} else if (!ss->firstHsDone) {
rv = ssl_Do1stHandshake(ss);
}
else {
} else {
/* tried to force handshake on an SSL 2 socket that has
** already completed the handshake. */
rv = SECSuccess; /* just pretend we did it. */
@ -512,8 +506,7 @@ sslBuffer_Grow(sslBuffer *b, unsigned int newLen)
unsigned char *newBuf;
if (b->buf) {
newBuf = (unsigned char *)PORT_Realloc(b->buf, newLen);
}
else {
} else {
newBuf = (unsigned char *)PORT_Alloc(newLen);
}
if (!newBuf) {
@ -622,8 +615,7 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags)
if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
/* Wait for application data to arrive. */
rv = ssl3_GatherAppDataRecord(ss, 0);
}
else {
} else {
/* See if we have a complete record */
rv = ssl2_GatherRecord(ss, 0);
}
@ -644,8 +636,7 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags)
** Gather record is blocked waiting for more record data to
** arrive. Try to process what we have already received
*/
}
else {
} else {
/* Gather record has finished getting a complete record */
}
@ -995,8 +986,7 @@ ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os)
ss->sec.hashcx = os->sec.hash->clone(os->sec.hashcx);
if (os->sec.hashcx && !ss->sec.hashcx)
goto loser;
}
else {
} else {
ss->sec.hash = NULL;
ss->sec.hashcx = NULL;
}
@ -1046,8 +1036,7 @@ ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
(*sec->destroy)(sec->writecx, PR_TRUE);
sec->readcx = NULL;
sec->writecx = NULL;
}
else {
} else {
PORT_Assert(sec->readcx == 0);
PORT_Assert(sec->writecx == 0);
}
@ -1104,8 +1093,7 @@ ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa)
if (ss->opt.handshakeAsServer) {
ss->securityHandshake = ssl2_BeginServerHandshake;
ss->handshaking = sslHandshakingAsServer;
}
else {
} else {
ss->securityHandshake = ssl2_BeginClientHandshake;
ss->handshaking = sslHandshakingAsClient;
}
@ -1114,8 +1102,7 @@ ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa)
rv = osfd->methods->connect(osfd, sa, ss->cTimeout);
if (rv == PR_SUCCESS) {
ss->TCPconnected = 1;
}
else {
} else {
int err = PR_GetError();
SSL_DBG(("%d: SSL[%d]: connect failed, errno=%d",
SSL_GETPID(), ss->fd, err));
@ -1357,8 +1344,7 @@ done:
if (rv < 0) {
SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count, error %d",
SSL_GETPID(), ss->fd, rv, PORT_GetError()));
}
else {
} else {
SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count",
SSL_GETPID(), ss->fd, rv));
}
@ -1519,8 +1505,7 @@ SSL_GetSessionID(PRFileDesc *fd)
item->len = SSL2_SESSIONID_BYTES;
item->data = (unsigned char *)PORT_Alloc(item->len);
PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len);
}
else {
} else {
item->len = sid->u.ssl3.sessionIDLength;
item->data = (unsigned char *)PORT_Alloc(item->len);
PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);
@ -1591,12 +1576,10 @@ SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode error)
if (!ss->ssl3.initialized) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
}
else if (ss->version < SSL_LIBRARY_VERSION_3_0) {
} else if (ss->version < SSL_LIBRARY_VERSION_3_0) {
PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
rv = SECFailure;
}
else {
} else {
rv = ssl3_AuthCertificateComplete(ss, error);
}

54
security/nss/lib/ssl/sslsnce.c
Просмотреть файл

@ -491,8 +491,7 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
to->creationTime, to->addr.pr_s6_addr32[0],
to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
to->addr.pr_s6_addr32[3], to->u.ssl2.cipherType));
}
else {
} else {
/* This is an SSL v3 session */
to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
@ -566,8 +565,7 @@ ConvertToSID(sidCacheEntry *from,
to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1],
to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3],
to->u.ssl2.cipherType));
}
else {
} else {
/* This is an SSL v3 session */
to->u.ssl3.sessionIDLength = from->sessionIDLength;
@ -643,8 +641,7 @@ loser:
PORT_Free(to->u.ssl2.masterKey.data);
if (to->u.ssl2.cipherArg.data)
PORT_Free(to->u.ssl2.cipherArg.data);
}
else {
} else {
SECITEM_FreeItem(&to->u.ssl3.srvName, PR_FALSE);
}
PORT_Free(to);
@ -770,8 +767,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
!PORT_Memcmp(pcce->sessionID, psce->sessionID,
pcce->sessionIDLength)) {
cce = *pcce;
}
else {
} else {
/* The cert doesen't match the SID cache entry,
** so invalidate the SID cache entry.
*/
@ -780,8 +776,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
pcce = 0;
}
UnlockSidCacheLock(cache->certCacheLock);
}
else {
} else {
/* what the ??. Didn't get the cert cache lock.
** Don't invalidate the SID cache entry, but don't find it.
*/
@ -799,8 +794,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
if (!PORT_Memcmp(psnce->nameHash, psce->u.ssl3.srvNameHash,
SHA256_LENGTH)) {
snce = *psnce;
}
else {
} else {
/* The name doesen't match the SID cache entry,
** so invalidate the SID cache entry.
*/
@ -809,8 +803,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
psnce = 0;
}
UnlockSidCacheLock(cache->srvNameCacheLock);
}
else {
} else {
/* what the ??. Didn't get the cert cache lock.
** Don't invalidate the SID cache entry, but don't find it.
*/
@ -874,8 +867,7 @@ ServerSessionIDCache(sslSessionID *sid)
sid->u.ssl2.masterKey.len));
PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
sid->u.ssl2.cipherArg.len));
}
else {
} else {
/* override caller's expiration time, which uses client timeout
* duration, not server timeout duration.
*/
@ -957,8 +949,7 @@ ServerSessionIDUncache(sslSessionID *sid)
sid->u.ssl2.masterKey.len));
PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
sid->u.ssl2.cipherArg.len));
}
else {
} else {
sessionID = sid->u.ssl3.sessionID;
sessionIDLength = sid->u.ssl3.sessionIDLength;
SSL_TRC(8, ("%d: SSL3: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x "
@ -1017,8 +1008,7 @@ CloseCache(cacheDesc *cache)
}
if (cache->shared) {
PR_MemUnmap(cache->cacheMem, cache->cacheMemSize);
}
else {
} else {
PORT_Free(cache->cacheMem);
}
cache->cacheMem = NULL;
@ -1162,8 +1152,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
ssl2_timeout = MIN_SSL2_TIMEOUT;
}
cache->ssl2Timeout = ssl2_timeout;
}
else {
} else {
cache->ssl2Timeout = DEF_SSL2_TIMEOUT;
}
@ -1175,8 +1164,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
ssl3_timeout = MIN_SSL3_TIMEOUT;
}
cache->ssl3Timeout = ssl3_timeout;
}
else {
} else {
cache->ssl3Timeout = DEF_SSL3_TIMEOUT;
}
@ -1211,8 +1199,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
}
cacheMem = PR_MemMap(cacheMemMap, 0, cache->cacheMemSize);
}
else {
} else {
cacheMem = PORT_Alloc(cache->cacheMemSize);
}
@ -1475,8 +1462,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache,
ssl2_timeout, ssl3_timeout, directory, PR_FALSE,
maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries);
}
else {
} else {
return ssl_ConfigMPServerSIDCacheWithOpt(ssl2_timeout, ssl3_timeout,
directory, maxCacheEntries, maxCertCacheEntries,
maxSrvNameCacheEntries);
@ -1822,8 +1808,7 @@ ssl_GetWrappingKey(PRInt32 symWrapMechIndex,
(unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS) {
rv = getSvrWrappingKey(symWrapMechIndex, exchKeyType, wswk,
&globalCache, 0);
}
else {
} else {
rv = PR_FALSE;
}
@ -1868,8 +1853,7 @@ GenerateTicketKeys(void *pwArg, unsigned char *keyName, PK11SymKey **aesKey,
if (!cache->cacheMem) {
/* cache is not initalized. Use stack buffer */
ticketKeyNameSuffix = ticketKeyNameSuffixLocal;
}
else {
} else {
ticketKeyNameSuffix = cache->ticketKeyNameSuffix;
}
@ -2042,8 +2026,7 @@ ssl_GetSessionTicketKeys(unsigned char *keyName, unsigned char *encKey,
ticketKeyNameSuffix = ticketKeyNameSuffixLocal;
ticketEncKeyPtr = ticketEncKey;
ticketMacKeyPtr = ticketMacKey;
}
else {
} else {
/* these values have constant memory locations in the cache.
* Ok to reference them without holding the lock. */
ticketKeyNameSuffix = cache->ticketKeyNameSuffix;
@ -2134,8 +2117,7 @@ ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
if (rv) {
/* we found it on disk, copy it out to the caller. */
PORT_Memcpy(wswk, &myWswk, sizeof *wswk);
}
else {
} else {
/* Wasn't on disk, and we're still holding the lock, so write it. */
cache->keyCacheData[ndx] = *wswk;
}

186
security/nss/lib/ssl/sslsock.c
Просмотреть файл

@ -252,8 +252,7 @@ ssl_DupSocket(sslSocket *os)
}
PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups,
sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups);
}
else {
} else {
ss->ssl3.dheGroups = NULL;
}
@ -264,8 +263,7 @@ ssl_DupSocket(sslSocket *os)
os->sizeCipherSpecs);
ss->sizeCipherSpecs = os->sizeCipherSpecs;
ss->preferredCipher = os->preferredCipher;
}
else {
} else {
ss->cipherSpecs = NULL; /* produced lazily */
ss->sizeCipherSpecs = 0;
ss->preferredCipher = NULL;
@ -284,26 +282,20 @@ ssl_DupSocket(sslSocket *os)
sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
if (!sc->serverCertChain)
goto loser;
}
else {
} else {
sc->serverCert = NULL;
sc->serverCertChain = NULL;
}
sc->serverKeyPair = oc->serverKeyPair ?
ssl3_GetKeyPairRef(oc->serverKeyPair)
sc->serverKeyPair = oc->serverKeyPair ? ssl3_GetKeyPairRef(oc->serverKeyPair)
: NULL;
if (oc->serverKeyPair && !sc->serverKeyPair)
goto loser;
sc->serverKeyBits = oc->serverKeyBits;
ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
SECITEM_DupArray(NULL, os->certStatusArray[i]);
ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : SECITEM_DupArray(NULL, os->certStatusArray[i]);
}
ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
ssl3_GetKeyPairRef(os->stepDownKeyPair);
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
ss->dheKeyPair = !os->dheKeyPair ? NULL :
ssl3_GetKeyPairRef(os->dheKeyPair);
ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : ssl3_GetKeyPairRef(os->stepDownKeyPair);
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
ss->dheKeyPair = !os->dheKeyPair ? NULL : ssl3_GetKeyPairRef(os->dheKeyPair);
ss->dheParams = os->dheParams;
/*
@ -487,8 +479,7 @@ ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
if (osfd->methods->setsocketoption) {
rv = (SECStatus)osfd->methods->setsocketoption(osfd, &opt);
}
else {
} else {
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
}
@ -578,13 +569,11 @@ ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
/* Expand the range of enabled version to include TLS 1.0 */
vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
}
else {
} else {
/* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
vrange->max = SSL_LIBRARY_VERSION_3_0;
}
else {
} else {
/* Only TLS was enabled, so now no versions are. */
vrange->min = SSL_LIBRARY_VERSION_NONE;
vrange->max = SSL_LIBRARY_VERSION_NONE;
@ -619,13 +608,11 @@ ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
* we don't need to change vrange->max.
*/
vrange->min = SSL_LIBRARY_VERSION_3_0;
}
else {
} else {
/* Disable SSL 3.0, leaving TLS unaffected. */
if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
}
else {
} else {
/* Only SSL 3.0 was enabled, so now no versions are. */
vrange->min = SSL_LIBRARY_VERSION_NONE;
vrange->max = SSL_LIBRARY_VERSION_NONE;
@ -791,8 +778,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
if (ss->handshakeBegun) {
PORT_SetError(PR_INVALID_STATE_ERROR);
rv = SECFailure;
}
else {
} else {
if (PR_FALSE != on) {
if (PR_SUCCESS == SSL_BypassSetup()) {
#ifdef NO_PKCS11_BYPASS
@ -800,12 +786,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
#else
ss->opt.bypassPKCS11 = on;
#endif
}
else {
} else {
rv = SECFailure;
}
}
else {
} else {
ss->opt.bypassPKCS11 = PR_FALSE;
}
}
@ -822,8 +806,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
if (on) {
locksEverDisabled = PR_TRUE;
strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
}
else if (!holdingLocks) {
} else if (!holdingLocks) {
rv = ssl_MakeLocks(ss);
if (rv != SECSuccess) {
ss->opt.noLocks = PR_TRUE;
@ -1257,12 +1240,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
#else
ssl_defaults.bypassPKCS11 = on;
#endif
}
else {
} else {
return SECFailure;
}
}
else {
} else {
ssl_defaults.bypassPKCS11 = PR_FALSE;
}
break;
@ -1384,11 +1365,9 @@ ssl_CipherPolicySet(PRInt32 which, PRInt32 policy)
if (ssl_IsRemovedCipherSuite(which)) {
rv = SECSuccess;
}
else if (SSL_IS_SSL2_CIPHER(which)) {
} else if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_SetPolicy(which, policy);
}
else {
} else {
rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
}
return rv;
@ -1416,11 +1395,9 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
if (ssl_IsRemovedCipherSuite(which)) {
*oPolicy = SSL_NOT_ALLOWED;
rv = SECSuccess;
}
else if (SSL_IS_SSL2_CIPHER(which)) {
} else if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_GetPolicy(which, oPolicy);
}
else {
} else {
rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
}
return rv;
@ -1459,8 +1436,7 @@ ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
}
if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_CipherPrefSetDefault(which, enabled);
}
else {
} else {
rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
}
return rv;
@ -1489,11 +1465,9 @@ SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
if (ssl_IsRemovedCipherSuite(which)) {
*enabled = PR_FALSE;
rv = SECSuccess;
}
else if (SSL_IS_SSL2_CIPHER(which)) {
} else if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_CipherPrefGetDefault(which, enabled);
}
else {
} else {
rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
}
return rv;
@ -1517,8 +1491,7 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
}
if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_CipherPrefSet(ss, which, enabled);
}
else {
} else {
rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
}
return rv;
@ -1542,11 +1515,9 @@ SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
if (ssl_IsRemovedCipherSuite(which)) {
*enabled = PR_FALSE;
rv = SECSuccess;
}
else if (SSL_IS_SSL2_CIPHER(which)) {
} else if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_CipherPrefGet(ss, which, enabled);
}
else {
} else {
rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
}
return rv;
@ -1763,13 +1734,11 @@ ssl3_SelectDHParams(sslSocket *ss)
if (ss->ssl3.dheWeakGroupEnabled) {
ss->dheParams = gWeakDHParams;
}
else {
} else {
if (ss->ssl3.dheGroups) {
selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups,
ss->ssl3.numDHEGroups);
}
else {
} else {
size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups);
selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups,
number_of_default_groups);
@ -1802,8 +1771,7 @@ ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
if (model == NULL) {
/* Just create a default socket if we're given NULL for the model */
ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
}
else {
} else {
sslSocket *ss = ssl_FindSocket(model);
if (ss == NULL || ss->protocolVariant != variant) {
SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
@ -1976,8 +1944,7 @@ SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
}
PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
*bufLen = ss->ssl3.nextProto.len;
}
else {
} else {
*bufLen = 0;
}
@ -2017,8 +1984,7 @@ SSL_SetSRTPCiphers(PRFileDesc *fd,
if (*srtpCipher) {
ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
ciphers[i];
}
else {
} else {
SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
"suite specified: 0x%04hx",
SSL_GETPID(), fd,
@ -2244,8 +2210,7 @@ ssl3_ConstrainVariantRangeByPolicy(SSLProtocolVariant protocolVariant)
vrange.max = PR_MIN(vrange.max, pvrange.max);
if (vrange.max >= vrange.min) {
*VERSIONS_DEFAULTS(protocolVariant) = vrange;
}
else {
} else {
/* there was no overlap, turn off range altogether */
pvrange.min = pvrange.max = SSL_LIBRARY_VERSION_NONE;
*VERSIONS_DEFAULTS(protocolVariant) = pvrange;
@ -2551,8 +2516,7 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
if (newfd == NULL) {
SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
SSL_GETPID(), ss->fd, PORT_GetError()));
}
else {
} else {
/* Create ssl module */
ns = ssl_DupSocket(ss);
}
@ -2577,8 +2541,7 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
if (ns->opt.handshakeAsClient) {
ns->handshake = ssl2_BeginClientHandshake;
ss->handshaking = sslHandshakingAsClient;
}
else {
} else {
ns->handshake = ssl2_BeginServerHandshake;
ss->handshaking = sslHandshakingAsServer;
}
@ -2611,7 +2574,7 @@ ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
SSL_LOCK_WRITER(ss);
ss->cTimeout = timeout;
rv = (PRStatus) (*ss->ops->connect)(ss, sockaddr);
rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
SSL_UNLOCK_WRITER(ss);
SSL_UNLOCK_READER(ss);
@ -2632,7 +2595,7 @@ ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
SSL_LOCK_READER(ss);
SSL_LOCK_WRITER(ss);
rv = (PRStatus) (*ss->ops->bind)(ss, addr);
rv = (PRStatus)(*ss->ops->bind)(ss, addr);
SSL_UNLOCK_WRITER(ss);
SSL_UNLOCK_READER(ss);
@ -2652,7 +2615,7 @@ ssl_Listen(PRFileDesc *fd, PRIntn backlog)
SSL_LOCK_READER(ss);
SSL_LOCK_WRITER(ss);
rv = (PRStatus) (*ss->ops->listen)(ss, backlog);
rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
SSL_UNLOCK_WRITER(ss);
SSL_UNLOCK_READER(ss);
@ -2676,7 +2639,7 @@ ssl_Shutdown(PRFileDesc *fd, PRIntn how)
SSL_LOCK_WRITER(ss);
}
rv = (PRStatus) (*ss->ops->shutdown)(ss, how);
rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
SSL_UNLOCK_WRITER(ss);
@ -2709,7 +2672,7 @@ ssl_Close(PRFileDesc *fd)
** where the LOCK calls and the corresponding UNLOCK calls are not in
** the same function scope. The unlock calls are in ssl_FreeSocket().
*/
rv = (PRStatus) (*ss->ops->close)(ss);
rv = (PRStatus)(*ss->ops->close)(ss);
return rv;
}
@ -2806,7 +2769,7 @@ ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
return PR_FAILURE;
}
return (PRStatus) (*ss->ops->getpeername)(ss, addr);
return (PRStatus)(*ss->ops->getpeername)(ss, addr);
}
/*
@ -2829,12 +2792,10 @@ ssl_GetPeerInfo(sslSocket *ss)
if (sin.inet.family == PR_AF_INET) {
PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
ss->sec.ci.port = sin.inet.port;
}
else if (sin.ipv6.family == PR_AF_INET6) {
} else if (sin.ipv6.family == PR_AF_INET6) {
ss->sec.ci.peer = sin.ipv6.ip;
ss->sec.ci.port = sin.ipv6.port;
}
else {
} else {
PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
return SECFailure;
}
@ -2851,7 +2812,7 @@ ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
return PR_FAILURE;
}
return (PRStatus) (*ss->ops->getsockname)(ss, name);
return (PRStatus)(*ss->ops->getsockname)(ss, name);
}
SECStatus
@ -2969,12 +2930,10 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
new_flags &= ~PR_POLL_RW;
if (ss->handshaking == sslHandshakingAsClient) {
new_flags |= PR_POLL_WRITE;
}
else { /* handshaking as server */
} else { /* handshaking as server */
new_flags |= PR_POLL_READ;
}
}
else
} else
/* First handshake is in progress */
if (ss->lastWriteBlocked) {
if (new_flags & PR_POLL_READ) {
@ -2986,8 +2945,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
new_flags ^= PR_POLL_READ; /* don't select on read. */
new_flags |= PR_POLL_WRITE; /* do select on write. */
}
}
else if (new_flags & PR_POLL_WRITE) {
} else if (new_flags & PR_POLL_WRITE) {
/* The caller is trying to write, but the handshake is
** blocked waiting for data to read, and the first
** handshake has been sent. So do NOT to poll on write
@ -3000,14 +2958,12 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
new_flags |= PR_POLL_READ; /* do select on read. */
}
}
}
else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
} else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
*p_out_flags = PR_POLL_READ; /* it's ready already. */
return new_flags;
}
else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
(ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
new_flags |= PR_POLL_WRITE; /* also select on write. */
} else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
(ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
new_flags |= PR_POLL_WRITE; /* also select on write. */
}
if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
@ -3024,8 +2980,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
* of the application spinning.
*/
new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
}
else {
} else {
/* Unfortunately, clearing new_flags will make it impossible for
* the application to detect errors that it would otherwise be
* able to detect with PR_POLL_EXCEPT, until the asynchronous
@ -3052,8 +3007,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
out_flags |= PR_POLL_READ;
*p_out_flags = out_flags;
new_flags = how_flags;
}
else {
} else {
*p_out_flags = lower_out_flags;
new_flags = lower_new_flags;
}
@ -3153,8 +3107,7 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
(PR_GetError() == PR_WOULD_BLOCK_ERROR) && \
(sent > 0)) { \
return sent; \
} \
else { \
} else { \
return -1; \
} \
} \
@ -3209,15 +3162,12 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
if (!vectors || myIov.iov_len > limit) {
addLen = 0;
}
else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
} else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
/* Addlen is already computed. */;
}
else if (vectors > 1 &&
iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
} else if (vectors > 1 &&
iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
addLen = limit - myIov.iov_len;
}
else
} else
addLen = 0;
if (!addLen) {
@ -3237,17 +3187,14 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
left = PR_MIN(limit, K16 - bufLen);
if (!vectors /* no more left */
|| myIov.iov_len > 0 /* we didn't use that one all up */
|| bufLen >= K16 /* it's full. */ ) {
|| bufLen >= K16 /* it's full. */) {
addLen = 0;
}
else if ((addLen = iov->iov_len % K16) <= left) {
} else if ((addLen = iov->iov_len % K16) <= left) {
/* Addlen is already computed. */;
}
else if (vectors > 1 &&
iov[1].iov_len % K16 + addLen <= left + limit) {
} else if (vectors > 1 &&
iov[1].iov_len % K16 + addLen <= left + limit) {
addLen = left;
}
else
} else
addLen = 0;
} while (addLen);
@ -3552,8 +3499,7 @@ ssl_SetDefaultsFromEnvironment(void)
ssl_keylog_iob = fopen(ev, "a");
if (!ssl_keylog_iob) {
SSL_TRACE(("SSL: failed to open key log file"));
}
else {
} else {
if (ftell(ssl_keylog_iob) == 0) {
fputs("# SSL/TLS secrets log file, generated by NSS\n",
ssl_keylog_iob);

18
security/nss/lib/ssl/ssltrace.c
Просмотреть файл

@ -44,8 +44,7 @@ ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len)
if (ss) {
SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd,
msg, len));
}
else {
} else {
SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len));
}
memset(buf, ' ', sizeof buf);
@ -78,8 +77,7 @@ PrintType(sslSocket *ss, char *msg)
{
if (ss) {
SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd, msg));
}
else {
} else {
SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg));
}
}
@ -89,8 +87,7 @@ PrintInt(sslSocket *ss, char *msg, unsigned v)
{
if (ss) {
SSL_TRACE(("%d: SSL[%d]: %s=%u", SSL_GETPID(), ss->fd, msg, v));
}
else {
} else {
SSL_TRACE(("%d: SSL: %s=%u", SSL_GETPID(), msg, v));
}
}
@ -108,8 +105,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
if (ss) {
SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]",
SSL_GETPID(), ss->fd, msg, len));
}
else {
} else {
SSL_TRACE(("%d: SSL: %s [Len: %d]",
SSL_GETPID(), msg, len));
}
@ -124,8 +120,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
if (ss) {
SSL_TRACE(("%d: SSL[%d]: %s",
SSL_GETPID(), ss->fd, buf));
}
else {
} else {
SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf));
}
bp = buf;
@ -136,8 +131,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
if (ss) {
SSL_TRACE(("%d: SSL[%d]: %s",
SSL_GETPID(), ss->fd, buf));
}
else {
} else {
SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf));
}
}

37
security/nss/lib/ssl/tls13con.c
Просмотреть файл

@ -645,8 +645,7 @@ tls13_SendServerHelloSequence(sslSocket *ss)
if ((ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) ||
(ss->ssl3.hs.kea_def->kea == kea_dhe_rsa)) {
certIndex = kt_rsa;
}
else {
} else {
certIndex = ss->ssl3.hs.kea_def->exchKeyType;
}
rv = ssl3_SendCertificateVerify(ss, ss->serverCerts[certIndex].SERVERKEY);
@ -748,8 +747,7 @@ tls13_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (ss->sec.isServer) {
rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE,
wait_client_cert);
}
else {
} else {
rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE,
wait_cert_request, wait_server_cert);
}
@ -767,8 +765,7 @@ tls13_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
illegal_parameter);
return SECFailure;
}
}
else {
} else {
if (!context.len || context.len != ss->ssl3.hs.certReqContextLen ||
(NSS_SecureMemcmp(ss->ssl3.hs.certReqContext,
context.data, context.len) != 0)) {
@ -1074,8 +1071,7 @@ tls13_InitCipherSpec(sslSocket *ss, TrafficKeyType type, InstallCipherSpecDirect
/* Generic behaviors -- common to all crypto methods */
if (!IS_DTLS(ss)) {
pwSpec->read_seq_num.high = pwSpec->write_seq_num.high = 0;
}
else {
} else {
if (cwSpec->epoch == PR_UINT16_MAX) {
/* The problem here is that we have rehandshaked too many
* times (you are not allowed to wrap the epoch). The
@ -1231,7 +1227,7 @@ void
tls13_DestroyKeyShareEntry(TLS13KeyShareEntry *offer)
{
SECITEM_ZfreeItem(&offer->key_exchange, PR_FALSE);
PORT_ZFree(offer, sizeof(offer));
PORT_ZFree(offer, sizeof(*offer));
}
void
@ -1310,8 +1306,7 @@ tls13_AESGCM(ssl3KeyMaterial *keys,
if (doDecrypt) {
rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
maxout, in, inlen);
}
else {
} else {
rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
maxout, in, inlen);
}
@ -1599,7 +1594,7 @@ tls13_SendFinished(sslSocket *ss)
/* TODO(ekr@rtfm.com): Record key log */
return SECSuccess;
alert_loser:
alert_loser:
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
PORT_SetError(errCode); /* Restore error code */
return rv;
@ -1660,8 +1655,7 @@ tls13_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
}
rv = tls13_FinishHandshake(ss);
}
else {
} else {
if (ss->ssl3.hs.authCertificatePending) {
/* TODO(ekr@rtfm.com): Handle pending auth */
FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
@ -1739,8 +1733,7 @@ tls13_SendClientSecondRound(sslSocket *ss)
if (rv != SECSuccess) {
goto loser; /* error code is set. */
}
}
else if (sendClientCert) {
} else if (sendClientCert) {
rv = ssl3_SendCertificate(ss);
if (rv != SECSuccess) {
goto loser; /* error code is set. */
@ -1933,8 +1926,7 @@ tls13_ProtectRecord(sslSocket *ss,
if (cipher_def->calg == ssl_calg_null) {
/* Shortcut for plaintext */
cipherBytes = contentLen;
}
else {
} else {
unsigned char aad[8];
PORT_Assert(cipher_def->type == type_aead);
@ -1972,8 +1964,7 @@ tls13_ProtectRecord(sslSocket *ss,
(void)tls13_EncodeUintX(cwSpec->write_seq_num.high, 4, &wrBuf->buf[3]);
(void)tls13_EncodeUintX(cwSpec->write_seq_num.low, 4, &wrBuf->buf[7]);
(void)tls13_EncodeUintX(cipherBytes, 2, &wrBuf->buf[11]);
}
else {
} else {
(void)tls13_EncodeUintX(kRecordVersion, 2, &wrBuf->buf[1]);
(void)tls13_EncodeUintX(cipherBytes, 2, &wrBuf->buf[3]);
}
@ -2029,10 +2020,8 @@ tls13_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext
/* Decrypt */
PORT_Assert(cipher_def->type == type_aead);
tls13_FormatAdditionalData(aad, sizeof(aad),
IS_DTLS(ss) ?
cText->seq_num
:
crSpec->read_seq_num);
IS_DTLS(ss) ? cText->seq_num
: crSpec->read_seq_num);
rv = crSpec->aead(
ss->sec.isServer ? &crSpec->client : &crSpec->server,
PR_TRUE, /* do decrypt */

10
security/nss/lib/ssl/tls13hkdf.c
Просмотреть файл

@ -60,8 +60,7 @@ tls13_HkdfExtract(PK11SymKey *ikm1, PK11SymKey *ikm2, SSLHashType baseHash,
params.pSalt = salt->data;
params.ulSaltLen = salt->len;
PORT_Assert(salt->len > 0);
}
else {
} else {
/* Per documentation for CKM_NSS_HKDF_*:
*
* If the optional salt is given, it is used; otherwise, the salt is
@ -104,8 +103,7 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
if (handshakeHash) {
PORT_Assert(handshakeHashLen == kTlsHkdfInfo[baseHash].hashSize);
}
else {
} else {
PORT_Assert(!handshakeHashLen);
}
@ -185,6 +183,10 @@ tls13_HkdfExpandLabelRaw(PK11SymKey *prk, SSLHashType baseHash,
label, labelLen,
kTlsHkdfInfo[baseHash].pkcs11Mech, outputLen,
&derived);
if (rv != SECSuccess || !derived) {
goto abort;
}
rv = PK11_ExtractKeyValue(derived);
if (rv != SECSuccess) {
goto abort;