From e3c13af9761895a19fb1f58abf920190aa739348 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Thu, 5 Sep 2019 15:30:32 +0200 Subject: Properly implement various HSTS states. Previously, HSTS preload list values could be overridden temporarily due to counter-intuitive behavior of the API's removeState function. This adds an explicit flag to the API for writing knockout values to the Site Security Service, with the default resetting to whatever the preload list state is. --- security/manager/ssl/nsISiteSecurityService.idl | 12 +++++++--- security/manager/ssl/nsSiteSecurityService.cpp | 31 ++++++++++++++----------- 2 files changed, 27 insertions(+), 16 deletions(-) (limited to 'security') diff --git a/security/manager/ssl/nsISiteSecurityService.idl b/security/manager/ssl/nsISiteSecurityService.idl index 753f32b571..b615771524 100644 --- a/security/manager/ssl/nsISiteSecurityService.idl +++ b/security/manager/ssl/nsISiteSecurityService.idl @@ -23,7 +23,7 @@ namespace mozilla [ref] native nsCStringTArrayRef(nsTArray); [ref] native mozillaPkixTime(mozilla::pkix::Time); -[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)] +[scriptable, uuid(233908bd-6741-4474-a6e1-f298c6ce9eaf)] interface nsISiteSecurityService : nsISupports { const uint32_t HEADER_HSTS = 0; @@ -98,15 +98,21 @@ interface nsISiteSecurityService : nsISupports * Given a header type, removes state relating to that header of a host, * including the includeSubdomains state that would affect subdomains. * This essentially removes the state for the domain tree rooted at this - * host. + * host. If any preloaded information is present for that host, that + * information will then be used instead of any other previously existing + * state, unless the force parameter is set. + * * @param aType the type of security state in question * @param aURI the URI of the target host * @param aFlags options for this request as defined in nsISocketProvider: * NO_PERMANENT_STORAGE + * @param force if set, forces no-HSTS state by writing a knockout value, + * overriding any preload list state */ void removeState(in uint32_t aType, in nsIURI aURI, - in uint32_t aFlags); + in uint32_t aFlags, + [optional] in boolean force); /** * See isSecureURI diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp index cfee79d8d1..44ee7dcc07 100644 --- a/security/manager/ssl/nsSiteSecurityService.cpp +++ b/security/manager/ssl/nsSiteSecurityService.cpp @@ -330,21 +330,22 @@ nsSiteSecurityService::SetHSTSState(uint32_t aType, uint32_t flags, SecurityPropertyState aHSTSState) { - // If max-age is zero, that's an indication to immediately remove the - // security state, so here's a shortcut. - if (!maxage) { - return RemoveState(aType, aSourceURI, flags); + // Exit early if STS not enabled + if (!mUseStsService) { + return NS_OK; + } + + // If max-age is zero, the host is no longer considered HSTS. If the host was + // preloaded, we store an entry indicating that this host is not HSTS, causing + // the preloaded information to be ignored. + if (maxage == 0) { + return RemoveState(aType, aSourceURI, flags, true); } MOZ_ASSERT((aHSTSState == SecurityPropertySet || aHSTSState == SecurityPropertyNegative), "HSTS State must be SecurityPropertySet or SecurityPropertyNegative"); - // Exit early if STS not enabled - if (!mUseStsService) { - return NS_OK; - } - int64_t expiretime = ExpireTimeFromMaxAge(maxage); SiteHSTSState siteState(expiretime, aHSTSState, includeSubdomains); nsAutoCString stateString; @@ -367,7 +368,7 @@ nsSiteSecurityService::SetHSTSState(uint32_t aType, NS_IMETHODIMP nsSiteSecurityService::RemoveState(uint32_t aType, nsIURI* aURI, - uint32_t aFlags) + uint32_t aFlags, bool force = false) { // Child processes are not allowed direct access to this. if (!XRE_IsParentProcess()) { @@ -387,8 +388,9 @@ nsSiteSecurityService::RemoveState(uint32_t aType, nsIURI* aURI, mozilla::DataStorageType storageType = isPrivate ? mozilla::DataStorage_Private : mozilla::DataStorage_Persistent; - // If this host is in the preload list, we have to store a knockout entry. - if (GetPreloadListEntry(hostname.get())) { + // If this host is in the preload list, we have to store a knockout entry + // if it's explicitly forced to not be HSTS anymore + if (force && GetPreloadListEntry(hostname.get())) { SSSLOG(("SSS: storing knockout entry for %s", hostname.get())); SiteHSTSState siteState(0, SecurityPropertyKnockout, false); nsAutoCString stateString; @@ -769,7 +771,10 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI, return NS_ERROR_FAILURE; } - // if maxAge == 0 we must delete all state, for now no hole-punching + // If maxAge == 0, we remove dynamic HPKP state for this host. Due to + // architectural constraints, if this host was preloaded, any future lookups + // will use the preloaded state (i.e. we can't store a "this host is not HPKP" + // entry like we can for HSTS). if (maxAge == 0) { return RemoveState(aType, aSourceURI, aFlags); } -- cgit v1.2.3 From fca7c45a62542e0f625122222386cbee9b76243f Mon Sep 17 00:00:00 2001 From: athenian200 Date: Wed, 2 Oct 2019 18:26:54 -0500 Subject: MoonchildProductions#1251 - Part 16: Resolve namespace conflicts with dbm on Solaris. https://bugzilla.mozilla.org/show_bug.cgi?id=1513913 Mozilla's solution to this is arguably overkill, since the namespace issue on Solaris only required them to change (or temporarily undefine) __log2. Instead they changed ALL the functions to be something along the lines of dbm_log2. They haven't changed the external interface at all, though. If you're unhappy with this patch, I think I could also use XP_SOLARIS ifdefs to undefine __log2 prior to where it's declared in the dbm headers. The good thing about Mozilla's solution is that it guarantees this namespace issue never occurs again on any platform, though. --- security/nss/lib/dbm/include/extern.h | 48 ++++++++++----------- security/nss/lib/dbm/include/hash.h | 50 +++++++++++----------- security/nss/lib/dbm/include/mcom_db.h | 24 +++++------ security/nss/lib/dbm/include/ncompat.h | 6 +-- security/nss/lib/dbm/src/db.c | 25 +++++------ security/nss/lib/dbm/src/h_bigkey.c | 61 ++++++++++++++------------- security/nss/lib/dbm/src/h_func.c | 3 +- security/nss/lib/dbm/src/h_log2.c | 3 +- security/nss/lib/dbm/src/h_page.c | 77 +++++++++++++++++----------------- security/nss/lib/dbm/src/hash.c | 71 +++++++++++++++---------------- security/nss/lib/dbm/src/hash_buf.c | 25 +++++------ 11 files changed, 200 insertions(+), 193 deletions(-) (limited to 'security') diff --git a/security/nss/lib/dbm/include/extern.h b/security/nss/lib/dbm/include/extern.h index 897369fb89..4fbdc2d803 100644 --- a/security/nss/lib/dbm/include/extern.h +++ b/security/nss/lib/dbm/include/extern.h @@ -31,32 +31,32 @@ * @(#)extern.h 8.4 (Berkeley) 6/16/94 */ -BUFHEAD *__add_ovflpage(HTAB *, BUFHEAD *); -int __addel(HTAB *, BUFHEAD *, const DBT *, const DBT *); -int __big_delete(HTAB *, BUFHEAD *); -int __big_insert(HTAB *, BUFHEAD *, const DBT *, const DBT *); -int __big_keydata(HTAB *, BUFHEAD *, DBT *, DBT *, int); -int __big_return(HTAB *, BUFHEAD *, int, DBT *, int); -int __big_split(HTAB *, BUFHEAD *, BUFHEAD *, BUFHEAD *, - uint32, uint32, SPLIT_RETURN *); -int __buf_free(HTAB *, int, int); -void __buf_init(HTAB *, int); -uint32 __call_hash(HTAB *, char *, size_t); -int __delpair(HTAB *, BUFHEAD *, int); -int __expand_table(HTAB *); -int __find_bigpair(HTAB *, BUFHEAD *, int, char *, int); -uint16 __find_last_page(HTAB *, BUFHEAD **); -void __free_ovflpage(HTAB *, BUFHEAD *); -BUFHEAD *__get_buf(HTAB *, uint32, BUFHEAD *, int); -int __get_page(HTAB *, char *, uint32, int, int, int); -int __ibitmap(HTAB *, int, int, int); -uint32 __log2(uint32); -int __put_page(HTAB *, char *, uint32, int, int); -void __reclaim_buf(HTAB *, BUFHEAD *); -int __split_page(HTAB *, uint32, uint32); +BUFHEAD *dbm_add_ovflpage(HTAB *, BUFHEAD *); +int dbm_addel(HTAB *, BUFHEAD *, const DBT *, const DBT *); +int dbm_big_delete(HTAB *, BUFHEAD *); +int dbm_big_insert(HTAB *, BUFHEAD *, const DBT *, const DBT *); +int dbm_big_keydata(HTAB *, BUFHEAD *, DBT *, DBT *, int); +int dbm_big_return(HTAB *, BUFHEAD *, int, DBT *, int); +int dbm_big_split(HTAB *, BUFHEAD *, BUFHEAD *, BUFHEAD *, + uint32, uint32, SPLIT_RETURN *); +int dbm_buf_free(HTAB *, int, int); +void dbm_buf_init(HTAB *, int); +uint32 dbm_call_hash(HTAB *, char *, size_t); +int dbm_delpair(HTAB *, BUFHEAD *, int); +int dbm_expand_table(HTAB *); +int dbm_find_bigpair(HTAB *, BUFHEAD *, int, char *, int); +uint16 dbm_find_last_page(HTAB *, BUFHEAD **); +void dbm_free_ovflpage(HTAB *, BUFHEAD *); +BUFHEAD *dbm_get_buf(HTAB *, uint32, BUFHEAD *, int); +int dbm_get_page(HTAB *, char *, uint32, int, int, int); +int dbm_ibitmap(HTAB *, int, int, int); +uint32 dbm_log2(uint32); +int dbm_put_page(HTAB *, char *, uint32, int, int); +void dbm_reclaim_buf(HTAB *, BUFHEAD *); +int dbm_split_page(HTAB *, uint32, uint32); /* Default hash routine. */ -extern uint32 (*__default_hash)(const void *, size_t); +extern uint32 (*dbm_default_hash)(const void *, size_t); #ifdef HASH_STATISTICS extern int hash_accesses, hash_collisions, hash_expansions, hash_overflows; diff --git a/security/nss/lib/dbm/include/hash.h b/security/nss/lib/dbm/include/hash.h index 7da51dc64e..0ce3c3ff24 100644 --- a/security/nss/lib/dbm/include/hash.h +++ b/security/nss/lib/dbm/include/hash.h @@ -190,7 +190,7 @@ typedef struct htab { /* Memory resident data structure */ #define OADDR_OF(S, O) ((uint32)((uint32)(S) << SPLITSHIFT) + (O)) #define BUCKET_TO_PAGE(B) \ - (B) + hashp->HDRPAGES + ((B) ? hashp->SPARES[__log2((uint32)((B) + 1)) - 1] : 0) + (B) + hashp->HDRPAGES + ((B) ? hashp->SPARES[dbm_log2((uint32)((B) + 1)) - 1] : 0) #define OADDR_TO_PAGE(B) \ BUCKET_TO_PAGE((1 << SPLITNUM((B))) - 1) + OPAGENUM((B)); @@ -314,28 +314,28 @@ typedef struct htab { /* Memory resident data structure */ #define NEXT_FREE hdr.next_free #define H_CHARKEY hdr.h_charkey -extern uint32 (*__default_hash)(const void *, size_t); -void __buf_init(HTAB *hashp, int32 nbytes); -int __big_delete(HTAB *hashp, BUFHEAD *bufp); -BUFHEAD *__get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage); -uint32 __call_hash(HTAB *hashp, char *k, size_t len); +extern uint32 (*dbm_default_hash)(const void *, size_t); +void dbm_buf_init(HTAB *hashp, int32 nbytes); +int dbm_big_delete(HTAB *hashp, BUFHEAD *bufp); +BUFHEAD *dbm_get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage); +uint32 dbm_call_hash(HTAB *hashp, char *k, size_t len); #include "page.h" -extern int __big_split(HTAB *hashp, BUFHEAD *op, BUFHEAD *np, - BUFHEAD *big_keyp, uint32 addr, uint32 obucket, SPLIT_RETURN *ret); -void __free_ovflpage(HTAB *hashp, BUFHEAD *obufp); -BUFHEAD *__add_ovflpage(HTAB *hashp, BUFHEAD *bufp); -int __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val); -int __expand_table(HTAB *hashp); -uint32 __log2(uint32 num); -void __reclaim_buf(HTAB *hashp, BUFHEAD *bp); -int __get_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_disk, int is_bitmap); -int __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap); -int __ibitmap(HTAB *hashp, int pnum, int nbits, int ndx); -int __buf_free(HTAB *hashp, int do_free, int to_disk); -int __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size); -uint16 __find_last_page(HTAB *hashp, BUFHEAD **bpp); -int __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val); -int __big_return(HTAB *hashp, BUFHEAD *bufp, int ndx, DBT *val, int set_current); -int __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx); -int __big_keydata(HTAB *hashp, BUFHEAD *bufp, DBT *key, DBT *val, int set); -int __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket); +extern int dbm_big_split(HTAB *hashp, BUFHEAD *op, BUFHEAD *np, + BUFHEAD *big_keyp, uint32 addr, uint32 obucket, SPLIT_RETURN *ret); +void dbm_free_ovflpage(HTAB *hashp, BUFHEAD *obufp); +BUFHEAD *dbm_add_ovflpage(HTAB *hashp, BUFHEAD *bufp); +int dbm_big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val); +int dbm_expand_table(HTAB *hashp); +uint32 dbm_log2(uint32 num); +void dbm_reclaim_buf(HTAB *hashp, BUFHEAD *bp); +int dbm_get_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_disk, int is_bitmap); +int dbm_put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap); +int dbm_ibitmap(HTAB *hashp, int pnum, int nbits, int ndx); +int dbm_buf_free(HTAB *hashp, int do_free, int to_disk); +int dbm_find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size); +uint16 dbm_find_last_page(HTAB *hashp, BUFHEAD **bpp); +int dbm_addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val); +int dbm_big_return(HTAB *hashp, BUFHEAD *bufp, int ndx, DBT *val, int set_current); +int dbm_delpair(HTAB *hashp, BUFHEAD *bufp, int ndx); +int dbm_big_keydata(HTAB *hashp, BUFHEAD *bufp, DBT *key, DBT *val, int set); +int dbm_split_page(HTAB *hashp, uint32 obucket, uint32 nbucket); diff --git a/security/nss/lib/dbm/include/mcom_db.h b/security/nss/lib/dbm/include/mcom_db.h index 0a4f6dc140..e961dd1b40 100644 --- a/security/nss/lib/dbm/include/mcom_db.h +++ b/security/nss/lib/dbm/include/mcom_db.h @@ -287,16 +287,16 @@ typedef enum { LockOutDatabase, #endif /* Access method description structure. */ -typedef struct __db { +typedef struct dbm_db { DBTYPE type; /* Underlying db type. */ - int (*close)(struct __db *); - int (*del)(const struct __db *, const DBT *, uint); - int (*get)(const struct __db *, const DBT *, DBT *, uint); - int (*put)(const struct __db *, DBT *, const DBT *, uint); - int (*seq)(const struct __db *, DBT *, DBT *, uint); - int (*sync)(const struct __db *, uint); + int (*close)(struct dbm_db *); + int (*del)(const struct dbm_db *, const DBT *, uint); + int (*get)(const struct dbm_db *, const DBT *, DBT *, uint); + int (*put)(const struct dbm_db *, DBT *, const DBT *, uint); + int (*seq)(const struct dbm_db *, DBT *, DBT *, uint); + int (*sync)(const struct dbm_db *, uint); void *internal; /* Access method private. */ - int (*fd)(const struct __db *); + int (*fd)(const struct dbm_db *); } DB; #define BTREEMAGIC 0x053162 @@ -412,10 +412,10 @@ dbopen(const char *, int, int, DBTYPE, const void *); void dbSetOrClearDBLock(DBLockFlagEnum type); #ifdef __DBINTERFACE_PRIVATE -DB *__bt_open(const char *, int, int, const BTREEINFO *, int); -DB *__hash_open(const char *, int, int, const HASHINFO *, int); -DB *__rec_open(const char *, int, int, const RECNOINFO *, int); -void __dbpanic(DB *dbp); +DB *dbm_bt_open(const char *, int, int, const BTREEINFO *, int); +DB *dbm_hash_open(const char *, int, int, const HASHINFO *, int); +DB *dbm_rec_open(const char *, int, int, const RECNOINFO *, int); +void dbm_dbpanic(DB *dbp); #endif PR_END_EXTERN_C diff --git a/security/nss/lib/dbm/include/ncompat.h b/security/nss/lib/dbm/include/ncompat.h index 9fd4347993..f9f631622e 100644 --- a/security/nss/lib/dbm/include/ncompat.h +++ b/security/nss/lib/dbm/include/ncompat.h @@ -89,13 +89,13 @@ typedef unsigned int sigset_t; #define SIG_UNBLOCK 2 #define SIG_SETMASK 3 -static int __sigtemp; /* For the use of sigprocmask */ +static int dbm_sigtemp; /* For the use of sigprocmask */ /* Repeated test of oset != NULL is to avoid "*0". */ #define sigprocmask(how, set, oset) \ - ((__sigtemp = \ + ((dbm_sigtemp = \ (((how) == SIG_BLOCK) ? sigblock(0) | *(set) : (((how) == SIG_UNBLOCK) ? sigblock(0) & ~(*(set)) : ((how) == SIG_SETMASK ? *(set) : sigblock(0))))), \ - ((oset) ? (*(oset ? oset : set) = sigsetmask(__sigtemp)) : sigsetmask(__sigtemp)), 0) + ((oset) ? (*(oset ? oset : set) = sigsetmask(dbm_sigtemp)) : sigsetmask(dbm_sigtemp)), 0) #endif /* diff --git a/security/nss/lib/dbm/src/db.c b/security/nss/lib/dbm/src/db.c index 5c35bbd485..4b5810760a 100644 --- a/security/nss/lib/dbm/src/db.c +++ b/security/nss/lib/dbm/src/db.c @@ -92,16 +92,16 @@ dbopen(const char *fname, int flags, int mode, DBTYPE type, const void *openinfo /* we don't need btree and recno right now */ #if 0 case DB_BTREE: - return (__bt_open(fname, flags & USE_OPEN_FLAGS, + return (dbm_bt_open(fname, flags & USE_OPEN_FLAGS, mode, openinfo, flags & DB_FLAGS)); case DB_RECNO: - return (__rec_open(fname, flags & USE_OPEN_FLAGS, + return (dbm_rec_open(fname, flags & USE_OPEN_FLAGS, mode, openinfo, flags & DB_FLAGS)); #endif case DB_HASH: - return (__hash_open(fname, flags & USE_OPEN_FLAGS, - mode, (const HASHINFO *)openinfo, flags & DB_FLAGS)); + return (dbm_hash_open(fname, flags & USE_OPEN_FLAGS, + mode, (const HASHINFO *)openinfo, flags & DB_FLAGS)); default: break; } @@ -110,7 +110,7 @@ dbopen(const char *fname, int flags, int mode, DBTYPE type, const void *openinfo } static int -__dberr() +dbm_dberr() { return (RET_ERROR); } @@ -122,13 +122,14 @@ __dberr() * dbp: pointer to the DB structure. */ void -__dbpanic(DB *dbp) +dbm_dbpanic(DB *dbp) { /* The only thing that can succeed is a close. */ - dbp->del = (int (*)(const struct __db *, const DBT *, uint))__dberr; - dbp->fd = (int (*)(const struct __db *))__dberr; - dbp->get = (int (*)(const struct __db *, const DBT *, DBT *, uint))__dberr; - dbp->put = (int (*)(const struct __db *, DBT *, const DBT *, uint))__dberr; - dbp->seq = (int (*)(const struct __db *, DBT *, DBT *, uint))__dberr; - dbp->sync = (int (*)(const struct __db *, uint))__dberr; + dbp->del = (int (*)(const struct dbm_db *, const DBT *, uint))dbm_dberr; + dbp->fd = (int (*)(const struct dbm_db *))dbm_dberr; + dbp->get = (int (*)(const struct dbm_db *, const DBT *, DBT *, uint))dbm_dberr; + dbp->put = (int (*)(const struct dbm_db *, DBT *, const DBT *, uint))dbm_dberr; + dbp->seq = (int (*)(const struct dbm_db *, DBT *, DBT *, uint))dbm_dberr; + dbp->sync = (int (*)(const struct dbm_db *, uint))dbm_dberr; + } diff --git a/security/nss/lib/dbm/src/h_bigkey.c b/security/nss/lib/dbm/src/h_bigkey.c index 6edfe7f5a3..795c7a09dd 100644 --- a/security/nss/lib/dbm/src/h_bigkey.c +++ b/security/nss/lib/dbm/src/h_bigkey.c @@ -85,7 +85,7 @@ static int collect_data(HTAB *, BUFHEAD *, int, int); *-1 ==> ERROR */ extern int -__big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) +dbm_big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) { register uint16 *p; uint key_size, n, val_size; @@ -114,7 +114,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) FREESPACE(p) = off - PAGE_META(n); OFFSET(p) = off; p[n] = PARTIAL_KEY; - bufp = __add_ovflpage(hashp, bufp); + bufp = dbm_add_ovflpage(hashp, bufp); if (!bufp) return (-1); n = p[0]; @@ -158,7 +158,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) OFFSET(p) = off; if (val_size) { p[n] = FULL_KEY; - bufp = __add_ovflpage(hashp, bufp); + bufp = dbm_add_ovflpage(hashp, bufp); if (!bufp) return (-1); cp = bufp->page; @@ -182,7 +182,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) *-1 => ERROR */ extern int -__big_delete(HTAB *hashp, BUFHEAD *bufp) +dbm_big_delete(HTAB *hashp, BUFHEAD *bufp) { register BUFHEAD *last_bfp, *rbufp; uint16 *bp, pageno; @@ -207,9 +207,9 @@ __big_delete(HTAB *hashp, BUFHEAD *bufp) break; pageno = bp[bp[0] - 1]; rbufp->flags |= BUF_MOD; - rbufp = __get_buf(hashp, pageno, rbufp, 0); + rbufp = dbm_get_buf(hashp, pageno, rbufp, 0); if (last_bfp) - __free_ovflpage(hashp, last_bfp); + dbm_free_ovflpage(hashp, last_bfp); last_bfp = rbufp; if (!rbufp) return (-1); /* Error. */ @@ -244,9 +244,9 @@ __big_delete(HTAB *hashp, BUFHEAD *bufp) bufp->flags |= BUF_MOD; if (rbufp) - __free_ovflpage(hashp, rbufp); + dbm_free_ovflpage(hashp, rbufp); if (last_bfp != rbufp) - __free_ovflpage(hashp, last_bfp); + dbm_free_ovflpage(hashp, last_bfp); hashp->NKEYS--; return (0); @@ -259,7 +259,7 @@ __big_delete(HTAB *hashp, BUFHEAD *bufp) * -3 error */ extern int -__find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size) +dbm_find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size) { register uint16 *bp; register char *p; @@ -279,7 +279,7 @@ __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size) return (-2); kkey += bytes; ksize -= bytes; - bufp = __get_buf(hashp, bp[ndx + 2], bufp, 0); + bufp = dbm_get_buf(hashp, bp[ndx + 2], bufp, 0); if (!bufp) return (-3); p = bufp->page; @@ -306,7 +306,7 @@ __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size) * bucket) */ extern uint16 -__find_last_page(HTAB *hashp, BUFHEAD **bpp) +dbm_find_last_page(HTAB *hashp, BUFHEAD **bpp) { BUFHEAD *bufp; uint16 *bp, pageno; @@ -332,7 +332,7 @@ __find_last_page(HTAB *hashp, BUFHEAD **bpp) return (0); pageno = bp[n - 1]; - bufp = __get_buf(hashp, pageno, bufp, 0); + bufp = dbm_get_buf(hashp, pageno, bufp, 0); if (!bufp) return (0); /* Need to indicate an error! */ bp = (uint16 *)bufp->page; @@ -350,7 +350,7 @@ __find_last_page(HTAB *hashp, BUFHEAD **bpp) * index (index should always be 1). */ extern int -__big_return( +dbm_big_return( HTAB *hashp, BUFHEAD *bufp, int ndx, @@ -364,7 +364,7 @@ __big_return( bp = (uint16 *)bufp->page; while (bp[ndx + 1] == PARTIAL_KEY) { - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); + bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0); if (!bufp) return (-1); bp = (uint16 *)bufp->page; @@ -372,7 +372,7 @@ __big_return( } if (bp[ndx + 1] == FULL_KEY) { - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); + bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0); if (!bufp) return (-1); bp = (uint16 *)bufp->page; @@ -392,7 +392,7 @@ __big_return( len = bp[1] - off; save_p = bufp; save_addr = bufp->addr; - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); + bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0); if (!bufp) return (-1); bp = (uint16 *)bufp->page; @@ -409,8 +409,8 @@ __big_return( hashp->cbucket++; hashp->cndx = 1; } else { - hashp->cpage = __get_buf(hashp, - bp[bp[0] - 1], bufp, 0); + hashp->cpage = dbm_get_buf(hashp, + bp[bp[0] - 1], bufp, 0); if (!hashp->cpage) return (-1); hashp->cndx = 1; @@ -470,7 +470,7 @@ collect_data( save_bufp->flags |= BUF_PIN; /* read the length of the buffer */ - for (totlen = len; bufp; bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0)) { + for (totlen = len; bufp; bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0)) { bp = (uint16 *)bufp->page; mylen = hashp->BSIZE - bp[1]; @@ -502,7 +502,7 @@ collect_data( /* copy the buffers back into temp buf */ for (bufp = save_bufp; bufp; - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0)) { + bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0)) { bp = (uint16 *)bufp->page; mylen = hashp->BSIZE - bp[1]; memmove(&hashp->tmp_buf[len], (bufp->page) + bp[1], (size_t)mylen); @@ -522,7 +522,7 @@ collect_data( hashp->cpage = NULL; hashp->cbucket++; } else { - hashp->cpage = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); + hashp->cpage = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0); if (!hashp->cpage) return (-1); else if (!((uint16 *)hashp->cpage->page)[0]) { @@ -538,7 +538,7 @@ collect_data( * Fill in the key and data for this big pair. */ extern int -__big_keydata( +dbm_big_keydata( HTAB *hashp, BUFHEAD *bufp, DBT *key, DBT *val, @@ -579,10 +579,10 @@ collect_key( free(hashp->tmp_key); if ((hashp->tmp_key = (char *)malloc((size_t)totlen)) == NULL) return (-1); - if (__big_return(hashp, bufp, 1, val, set)) + if (dbm_big_return(hashp, bufp, 1, val, set)) return (-1); } else { - xbp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); + xbp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0); if (!xbp || ((totlen = collect_key(hashp, xbp, totlen, val, set)) < 1)) return (-1); @@ -601,7 +601,7 @@ collect_key( * -1 => error */ extern int -__big_split( +dbm_big_split( HTAB *hashp, BUFHEAD *op, /* Pointer to where to put keys that go in old bucket */ BUFHEAD *np, /* Pointer to new bucket page */ @@ -621,13 +621,13 @@ __big_split( bp = big_keyp; /* Now figure out where the big key/data goes */ - if (__big_keydata(hashp, big_keyp, &key, &val, 0)) + if (dbm_big_keydata(hashp, big_keyp, &key, &val, 0)) return (-1); - change = (__call_hash(hashp, (char *)key.data, key.size) != obucket); + change = (dbm_call_hash(hashp, (char *)key.data, key.size) != obucket); - if ((ret->next_addr = __find_last_page(hashp, &big_keyp))) { + if ((ret->next_addr = dbm_find_last_page(hashp, &big_keyp))) { if (!(ret->nextp = - __get_buf(hashp, ret->next_addr, big_keyp, 0))) + dbm_get_buf(hashp, ret->next_addr, big_keyp, 0))) return (-1); ; } else @@ -692,7 +692,7 @@ __big_split( tp[0] -= 2; FREESPACE(tp) = free_space + OVFLSIZE; OFFSET(tp) = off; - tmpp = __add_ovflpage(hashp, big_keyp); + tmpp = dbm_add_ovflpage(hashp, big_keyp); if (!tmpp) return (-1); tp[4] = n; @@ -704,4 +704,5 @@ __big_split( else ret->oldp = tmpp; return (0); + } diff --git a/security/nss/lib/dbm/src/h_func.c b/security/nss/lib/dbm/src/h_func.c index 0d8734e8ba..897060992e 100644 --- a/security/nss/lib/dbm/src/h_func.c +++ b/security/nss/lib/dbm/src/h_func.c @@ -52,7 +52,7 @@ static uint32 hash3(const void *, size_t); static uint32 hash4(const void *, size_t); /* Global default hash function */ -uint32 (*__default_hash)(const void *, size_t) = hash4; +uint32 (*dbm_default_hash)(const void *, size_t) = hash4; /* * HASH FUNCTIONS @@ -205,3 +205,4 @@ hash4(const void *keyarg, register size_t len) } return (h); } + diff --git a/security/nss/lib/dbm/src/h_log2.c b/security/nss/lib/dbm/src/h_log2.c index a42b51a99b..0e91fd042e 100644 --- a/security/nss/lib/dbm/src/h_log2.c +++ b/security/nss/lib/dbm/src/h_log2.c @@ -43,7 +43,7 @@ static char sccsid[] = "@(#)hash_log2.c 8.2 (Berkeley) 5/31/94"; #include "mcom_db.h" uint32 -__log2(uint32 num) +dbm_log2(uint32 num) { register uint32 i, limit; @@ -51,4 +51,5 @@ __log2(uint32 num) for (i = 0; limit < num; limit = limit << 1, i++) { } return (i); + } diff --git a/security/nss/lib/dbm/src/h_page.c b/security/nss/lib/dbm/src/h_page.c index e5623224b3..e6f61c6238 100644 --- a/security/nss/lib/dbm/src/h_page.c +++ b/security/nss/lib/dbm/src/h_page.c @@ -204,7 +204,7 @@ putpair(char *p, const DBT *key, DBT *val) * -1 error */ extern int -__delpair(HTAB *hashp, BUFHEAD *bufp, int ndx) +dbm_delpair(HTAB *hashp, BUFHEAD *bufp, int ndx) { register uint16 *bp, newoff; register int n; @@ -214,7 +214,7 @@ __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx) n = bp[0]; if (bp[ndx + 1] < REAL_KEY) - return (__big_delete(hashp, bufp)); + return (dbm_big_delete(hashp, bufp)); if (ndx != 1) newoff = bp[ndx - 1]; else @@ -277,7 +277,7 @@ __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx) * -1 ==> Error */ extern int -__split_page(HTAB *hashp, uint32 obucket, uint32 nbucket) +dbm_split_page(HTAB *hashp, uint32 obucket, uint32 nbucket) { register BUFHEAD *new_bufp, *old_bufp; register uint16 *ino; @@ -292,10 +292,10 @@ __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket) copyto = (uint16)hashp->BSIZE; off = (uint16)hashp->BSIZE; - old_bufp = __get_buf(hashp, obucket, NULL, 0); + old_bufp = dbm_get_buf(hashp, obucket, NULL, 0); if (old_bufp == NULL) return (-1); - new_bufp = __get_buf(hashp, nbucket, NULL, 0); + new_bufp = dbm_get_buf(hashp, nbucket, NULL, 0); if (new_bufp == NULL) return (-1); @@ -331,7 +331,7 @@ __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket) assert(((int)key.size) > -1); #endif - if (__call_hash(hashp, (char *)key.data, key.size) == obucket) { + if (dbm_call_hash(hashp, (char *)key.data, key.size) == obucket) { /* Don't switch page */ diff = copyto - off; if (diff) { @@ -443,8 +443,8 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, return DATABASE_CORRUPTED_ERROR; if (ino[2] < REAL_KEY && ino[2] != OVFLPAGE) { - if ((status = __big_split(hashp, old_bufp, - new_bufp, bufp, bufp->addr, obucket, &ret))) + if ((status = dbm_big_split(hashp, old_bufp, + new_bufp, bufp, bufp->addr, obucket, &ret))) return (status); old_bufp = ret.oldp; if (!old_bufp) @@ -477,7 +477,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, scopyto - sizeof(uint16) * (ino[0] + 3); OFFSET(ino) = scopyto; - bufp = __get_buf(hashp, ov_addr, bufp, 0); + bufp = dbm_get_buf(hashp, ov_addr, bufp, 0); if (!bufp) return (-1); @@ -487,7 +487,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, moved = 0; if (last_bfp) - __free_ovflpage(hashp, last_bfp); + dbm_free_ovflpage(hashp, last_bfp); last_bfp = bufp; } /* Move regular sized pairs of there are any */ @@ -506,13 +506,13 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, val.size = ino[n] - ino[n + 1]; off = ino[n + 1]; - if (__call_hash(hashp, (char *)key.data, key.size) == obucket) { + if (dbm_call_hash(hashp, (char *)key.data, key.size) == obucket) { /* Keep on old page */ if (PAIRFITS(op, (&key), (&val))) putpair((char *)op, &key, &val); else { old_bufp = - __add_ovflpage(hashp, old_bufp); + dbm_add_ovflpage(hashp, old_bufp); if (!old_bufp) return (-1); op = (uint16 *)old_bufp->page; @@ -525,7 +525,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, putpair((char *)np, &key, &val); else { new_bufp = - __add_ovflpage(hashp, new_bufp); + dbm_add_ovflpage(hashp, new_bufp); if (!new_bufp) return (-1); np = (uint16 *)new_bufp->page; @@ -536,7 +536,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, } } if (last_bfp) - __free_ovflpage(hashp, last_bfp); + dbm_free_ovflpage(hashp, last_bfp); return (0); } @@ -548,7 +548,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, * 1 ==> failure */ extern int -__addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) +dbm_addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) { register uint16 *bp, *sop; int do_expand; @@ -562,7 +562,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) and we need to add another page */ break; else if (bp[2] < REAL_KEY && bp[bp[0]] != OVFLPAGE) { - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); + bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0); if (!bufp) { #ifdef DEBUG assert(0); @@ -585,7 +585,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) return (0); } } else { - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); + bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0); if (!bufp) { #ifdef DEBUG assert(0); @@ -599,7 +599,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) putpair(bufp->page, key, (DBT *)val); else { do_expand = 1; - bufp = __add_ovflpage(hashp, bufp); + bufp = dbm_add_ovflpage(hashp, bufp); if (!bufp) { #ifdef DEBUG assert(0); @@ -610,7 +610,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) if (PAIRFITS(sop, key, val)) putpair((char *)sop, key, (DBT *)val); - else if (__big_insert(hashp, bufp, key, val)) { + else if (dbm_big_insert(hashp, bufp, key, val)) { #ifdef DEBUG assert(0); #endif @@ -625,7 +625,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) hashp->NKEYS++; if (do_expand || (hashp->NKEYS / (hashp->MAX_BUCKET + 1) > hashp->FFACTOR)) - return (__expand_table(hashp)); + return (dbm_expand_table(hashp)); return (0); } @@ -636,7 +636,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) * NULL on error */ extern BUFHEAD * -__add_ovflpage(HTAB *hashp, BUFHEAD *bufp) +dbm_add_ovflpage(HTAB *hashp, BUFHEAD *bufp) { register uint16 *sp; uint16 ndx, ovfl_num; @@ -657,7 +657,7 @@ __add_ovflpage(HTAB *hashp, BUFHEAD *bufp) tmp1 = bufp->addr; tmp2 = bufp->ovfl ? bufp->ovfl->addr : 0; #endif - if (!ovfl_num || !(bufp->ovfl = __get_buf(hashp, ovfl_num, bufp, 1))) + if (!ovfl_num || !(bufp->ovfl = dbm_get_buf(hashp, ovfl_num, bufp, 1))) return (NULL); bufp->ovfl->flags |= BUF_MOD; #ifdef DEBUG1 @@ -687,12 +687,12 @@ __add_ovflpage(HTAB *hashp, BUFHEAD *bufp) * -1 indicates FAILURE */ extern int -__get_page(HTAB *hashp, - char *p, - uint32 bucket, - int is_bucket, - int is_disk, - int is_bitmap) +dbm_get_page(HTAB *hashp, + char *p, + uint32 bucket, + int is_bucket, + int is_disk, + int is_bitmap) { register int fd, page; size_t size; @@ -805,7 +805,7 @@ __get_page(HTAB *hashp, * -1 ==>failure */ extern int -__put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap) +dbm_put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap) { register int fd, page; size_t size; @@ -895,7 +895,7 @@ __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap) * once they are read in. */ extern int -__ibitmap(HTAB *hashp, int pnum, int nbits, int ndx) +dbm_ibitmap(HTAB *hashp, int pnum, int nbits, int ndx) { uint32 *ip; size_t clearbytes, clearints; @@ -1011,8 +1011,8 @@ overflow_page(HTAB *hashp) * don't have to if we tell init_bitmap not to leave it clear * in the first place. */ - if (__ibitmap(hashp, - (int)OADDR_OF(splitnum, offset), 1, free_page)) + if (dbm_ibitmap(hashp, + (int)OADDR_OF(splitnum, offset), 1, free_page)) return (0); hashp->SPARES[splitnum]++; #ifdef DEBUG2 @@ -1084,7 +1084,7 @@ found: * Mark this overflow page as free. */ extern void -__free_ovflpage(HTAB *hashp, BUFHEAD *obufp) +dbm_free_ovflpage(HTAB *hashp, BUFHEAD *obufp) { uint16 addr; uint32 *freep; @@ -1125,7 +1125,7 @@ __free_ovflpage(HTAB *hashp, BUFHEAD *obufp) (void)fprintf(stderr, "FREE_OVFLPAGE: ADDR: %d BIT: %d PAGE %d\n", obufp->addr, free_bit, free_page); #endif - __reclaim_buf(hashp, obufp); + dbm_reclaim_buf(hashp, obufp); } /* @@ -1236,8 +1236,8 @@ fetch_bitmap(HTAB *hashp, uint32 ndx) return (NULL); if ((hashp->mapp[ndx] = (uint32 *)malloc((size_t)hashp->BSIZE)) == NULL) return (NULL); - if (__get_page(hashp, - (char *)hashp->mapp[ndx], hashp->BITMAPS[ndx], 0, 1, 1)) { + if (dbm_get_page(hashp, + (char *)hashp->mapp[ndx], hashp->BITMAPS[ndx], 0, 1, 1)) { free(hashp->mapp[ndx]); hashp->mapp[ndx] = NULL; /* NEW: 9-11-95 */ return (NULL); @@ -1253,15 +1253,16 @@ print_chain(int addr) short *bp, oaddr; (void)fprintf(stderr, "%d ", addr); - bufp = __get_buf(hashp, addr, NULL, 0); + bufp = dbm_get_buf(hashp, addr, NULL, 0); bp = (short *)bufp->page; while (bp[0] && ((bp[bp[0]] == OVFLPAGE) || ((bp[0] > 2) && bp[2] < REAL_KEY))) { oaddr = bp[bp[0] - 1]; (void)fprintf(stderr, "%d ", (int)oaddr); - bufp = __get_buf(hashp, (int)oaddr, bufp, 0); + bufp = dbm_get_buf(hashp, (int)oaddr, bufp, 0); bp = (short *)bufp->page; } (void)fprintf(stderr, "\n"); } + #endif diff --git a/security/nss/lib/dbm/src/hash.c b/security/nss/lib/dbm/src/hash.c index 98b1c07c73..100bbad27b 100644 --- a/security/nss/lib/dbm/src/hash.c +++ b/security/nss/lib/dbm/src/hash.c @@ -118,7 +118,7 @@ int hash_accesses, hash_collisions, hash_expansions, hash_overflows; * This closes the file, flushing buffers as appropriate. */ static void -__remove_database(DB *dbp) +dbm_remove_database(DB *dbp) { HTAB *hashp = (HTAB *)dbp->internal; @@ -134,7 +134,7 @@ __remove_database(DB *dbp) /* OPEN/CLOSE */ extern DB * -__hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dflags) +dbm_hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dflags) { HTAB *hashp = NULL; struct stat statbuf; @@ -199,7 +199,7 @@ __hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dfl if (info && info->hash) hashp->hash = info->hash; else - hashp->hash = __default_hash; + hashp->hash = dbm_default_hash; hdrsize = read(hashp->fp, (char *)&hashp->hdr, sizeof(HASHHDR)); if (hdrsize == -1) @@ -243,9 +243,9 @@ __hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dfl /* Initialize Buffer Manager */ if (info && info->cachesize) - __buf_init(hashp, (int32)info->cachesize); + dbm_buf_init(hashp, (int32)info->cachesize); else - __buf_init(hashp, DEF_BUFSIZE); + dbm_buf_init(hashp, DEF_BUFSIZE); hashp->new_file = new_table; #ifdef macintosh @@ -331,7 +331,7 @@ init_hash(HTAB *hashp, const char *file, HASHINFO *info) hashp->SSHIFT = DEF_SEGSIZE_SHIFT; hashp->DSIZE = DEF_DIRSIZE; hashp->FFACTOR = DEF_FFACTOR; - hashp->hash = __default_hash; + hashp->hash = dbm_default_hash; memset(hashp->SPARES, 0, sizeof(hashp->SPARES)); memset(hashp->BITMAPS, 0, sizeof(hashp->BITMAPS)); @@ -353,13 +353,13 @@ init_hash(HTAB *hashp, const char *file, HASHINFO *info) if (hashp->BSIZE > MAX_BSIZE) hashp->BSIZE = MAX_BSIZE; #endif - hashp->BSHIFT = __log2((uint32)hashp->BSIZE); + hashp->BSHIFT = dbm_log2((uint32)hashp->BSIZE); } if (info) { if (info->bsize) { /* Round pagesize up to power of 2 */ - hashp->BSHIFT = __log2(info->bsize); + hashp->BSHIFT = dbm_log2(info->bsize); hashp->BSIZE = 1 << hashp->BSHIFT; if (hashp->BSIZE > MAX_BSIZE) { errno = EINVAL; @@ -406,7 +406,7 @@ init_htab(HTAB *hashp, int nelem) */ nelem = (nelem - 1) / hashp->FFACTOR + 1; - l2 = __log2((uint32)PR_MAX(nelem, 2)); + l2 = dbm_log2((uint32)PR_MAX(nelem, 2)); nbuckets = 1 << l2; hashp->SPARES[l2] = l2 + 1; @@ -415,7 +415,7 @@ init_htab(HTAB *hashp, int nelem) hashp->LAST_FREED = 2; /* First bitmap page is at: splitpoint l2 page offset 1 */ - if (__ibitmap(hashp, (int)OADDR_OF(l2, 1), l2 + 1, 0)) + if (dbm_ibitmap(hashp, (int)OADDR_OF(l2, 1), l2 + 1, 0)) return (-1); hashp->MAX_BUCKET = hashp->LOW_MASK = nbuckets - 1; @@ -425,7 +425,7 @@ init_htab(HTAB *hashp, int nelem) 1; nsegs = (nbuckets - 1) / hashp->SGSIZE + 1; - nsegs = 1 << __log2((uint32)nsegs); + nsegs = 1 << dbm_log2((uint32)nsegs); if (nsegs > hashp->DSIZE) hashp->DSIZE = nsegs; @@ -463,7 +463,7 @@ hdestroy(HTAB *hashp) * Call on buffer manager to free buffers, and if required, * write them to disk. */ - if (__buf_free(hashp, 1, hashp->save_file)) + if (dbm_buf_free(hashp, 1, hashp->save_file)) save_errno = errno; if (hashp->dir) { free(*hashp->dir); /* Free initial segments */ @@ -585,7 +585,7 @@ hash_sync(const DB *dbp, uint flags) if (!hashp->save_file) return (0); - if (__buf_free(hashp, 0, 1) || flush_meta(hashp)) + if (dbm_buf_free(hashp, 0, 1) || flush_meta(hashp)) return (DBM_ERROR); #if defined(_WIN32) || defined(_WINDOWS) if (hashp->updateEOF && hashp->filename && !hashp->is_temp) { @@ -635,8 +635,8 @@ flush_meta(HTAB *hashp) } for (i = 0; i < NCACHED; i++) if (hashp->mapp[i]) - if (__put_page(hashp, (char *)hashp->mapp[i], - hashp->BITMAPS[i], 0, 1)) + if (dbm_put_page(hashp, (char *)hashp->mapp[i], + hashp->BITMAPS[i], 0, 1)) return (-1); return (0); } @@ -675,7 +675,7 @@ hash_get( #if defined(unix) && defined(DEBUG) printf("\n\nDBM Database has been corrupted, tell Lou...\n\n"); #endif - __remove_database((DB *)dbp); + dbm_remove_database((DB *)dbp); } return (rv); @@ -711,7 +711,7 @@ hash_put( #if defined(unix) && defined(DEBUG) printf("\n\nDBM Database has been corrupted, tell Lou...\n\n"); #endif - __remove_database((DB *)dbp); + dbm_remove_database((DB *)dbp); } return (rv); @@ -744,7 +744,7 @@ hash_delete( #if defined(unix) && defined(DEBUG) printf("\n\nDBM Database has been corrupted, tell Lou...\n\n"); #endif - __remove_database((DB *)dbp); + dbm_remove_database((DB *)dbp); } return (rv); @@ -777,7 +777,7 @@ hash_access( off = hashp->BSIZE; size = key->size; kp = (char *)key->data; - rbufp = __get_buf(hashp, __call_hash(hashp, kp, size), NULL, 0); + rbufp = dbm_get_buf(hashp, dbm_call_hash(hashp, kp, size), NULL, 0); if (!rbufp) return (DATABASE_CORRUPTED_ERROR); save_bufp = rbufp; @@ -805,7 +805,7 @@ hash_access( last_overflow_page_no = *bp; - rbufp = __get_buf(hashp, *bp, rbufp, 0); + rbufp = dbm_get_buf(hashp, *bp, rbufp, 0); if (!rbufp) { save_bufp->flags &= ~BUF_PIN; return (DBM_ERROR); @@ -822,17 +822,17 @@ hash_access( off = hashp->BSIZE; } else if (bp[1] < REAL_KEY) { if ((ndx = - __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0) + dbm_find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0) goto found; if (ndx == -2) { bufp = rbufp; if (!(pageno = - __find_last_page(hashp, &bufp))) { + dbm_find_last_page(hashp, &bufp))) { ndx = 0; rbufp = bufp; break; /* FOR */ } - rbufp = __get_buf(hashp, pageno, bufp, 0); + rbufp = dbm_get_buf(hashp, pageno, bufp, 0); if (!rbufp) { save_bufp->flags &= ~BUF_PIN; return (DBM_ERROR); @@ -853,7 +853,7 @@ hash_access( switch (action) { case HASH_PUT: case HASH_PUTNEW: - if (__addel(hashp, rbufp, key, val)) { + if (dbm_addel(hashp, rbufp, key, val)) { save_bufp->flags &= ~BUF_PIN; return (DBM_ERROR); } else { @@ -875,7 +875,7 @@ found: case HASH_GET: bp = (uint16 *)rbufp->page; if (bp[ndx + 1] < REAL_KEY) { - if (__big_return(hashp, rbufp, ndx, val, 0)) + if (dbm_big_return(hashp, rbufp, ndx, val, 0)) return (DBM_ERROR); } else { val->data = (uint8 *)rbufp->page + (int)bp[ndx + 1]; @@ -883,14 +883,14 @@ found: } break; case HASH_PUT: - if ((__delpair(hashp, rbufp, ndx)) || - (__addel(hashp, rbufp, key, val))) { + if ((dbm_delpair(hashp, rbufp, ndx)) || + (dbm_addel(hashp, rbufp, key, val))) { save_bufp->flags &= ~BUF_PIN; return (DBM_ERROR); } break; case HASH_DELETE: - if (__delpair(hashp, rbufp, ndx)) + if (dbm_delpair(hashp, rbufp, ndx)) return (DBM_ERROR); break; default: @@ -933,7 +933,7 @@ hash_seq( for (bucket = hashp->cbucket; bucket <= (uint32)hashp->MAX_BUCKET; bucket++, hashp->cndx = 1) { - bufp = __get_buf(hashp, bucket, NULL, 0); + bufp = dbm_get_buf(hashp, bucket, NULL, 0); if (!bufp) return (DBM_ERROR); hashp->cpage = bufp; @@ -955,7 +955,7 @@ hash_seq( #endif while (bp[hashp->cndx + 1] == OVFLPAGE) { bufp = hashp->cpage = - __get_buf(hashp, bp[hashp->cndx], bufp, 0); + dbm_get_buf(hashp, bp[hashp->cndx], bufp, 0); if (!bufp) return (DBM_ERROR); bp = (uint16 *)(bufp->page); @@ -968,7 +968,7 @@ hash_seq( } ndx = hashp->cndx; if (bp[ndx + 1] < REAL_KEY) { - if (__big_keydata(hashp, bufp, key, data, 1)) + if (dbm_big_keydata(hashp, bufp, key, data, 1)) return (DBM_ERROR); } else { key->data = (uint8 *)hashp->cpage->page + bp[ndx]; @@ -994,7 +994,7 @@ hash_seq( * -1 ==> Error */ extern int -__expand_table(HTAB *hashp) +dbm_expand_table(HTAB *hashp) { uint32 old_bucket, new_bucket; int new_segnum, spare_ndx; @@ -1029,7 +1029,7 @@ __expand_table(HTAB *hashp) * * increases), we need to copy the current contents of the spare * split bucket to the next bucket. */ - spare_ndx = __log2((uint32)(hashp->MAX_BUCKET + 1)); + spare_ndx = dbm_log2((uint32)(hashp->MAX_BUCKET + 1)); if (spare_ndx > hashp->OVFL_POINT) { hashp->SPARES[spare_ndx] = hashp->SPARES[hashp->OVFL_POINT]; hashp->OVFL_POINT = spare_ndx; @@ -1041,7 +1041,7 @@ __expand_table(HTAB *hashp) hashp->HIGH_MASK = new_bucket | hashp->LOW_MASK; } /* Relocate records to the new bucket */ - return (__split_page(hashp, old_bucket, new_bucket)); + return (dbm_split_page(hashp, old_bucket, new_bucket)); } /* @@ -1065,7 +1065,7 @@ hash_realloc( } extern uint32 -__call_hash(HTAB *hashp, char *k, size_t len) +dbm_call_hash(HTAB *hashp, char *k, size_t len) { uint32 n, bucket; @@ -1168,4 +1168,5 @@ swap_header(HTAB *hashp) M_16_SWAP(hdrp->bitmaps[i]); } } + #endif diff --git a/security/nss/lib/dbm/src/hash_buf.c b/security/nss/lib/dbm/src/hash_buf.c index a7cd2d0763..02deb81c56 100644 --- a/security/nss/lib/dbm/src/hash_buf.c +++ b/security/nss/lib/dbm/src/hash_buf.c @@ -104,7 +104,7 @@ static BUFHEAD *newbuf(HTAB *, uint32, BUFHEAD *); * address you are seeking. */ extern BUFHEAD * -__get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage) +dbm_get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage) /* If prev_bp set, indicates a new overflow page. */ { register BUFHEAD *bp; @@ -124,7 +124,7 @@ __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage) /* Grab buffer out of directory */ segment_ndx = addr & (hashp->SGSIZE - 1); - /* valid segment ensured by __call_hash() */ + /* valid segment ensured by dbm_call_hash() */ segp = hashp->dir[addr >> hashp->SSHIFT]; #ifdef DEBUG assert(segp != NULL); @@ -140,7 +140,7 @@ __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage) bp = newbuf(hashp, addr, prev_bp); if (!bp) return (NULL); - if (__get_page(hashp, bp->page, addr, !prev_bp, is_disk, 0)) { + if (dbm_get_page(hashp, bp->page, addr, !prev_bp, is_disk, 0)) { /* free bp and its page */ if (prev_bp) { /* if prev_bp is set then the new page that @@ -242,8 +242,8 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp) } oaddr = shortp[shortp[0] - 1]; } - if ((bp->flags & BUF_MOD) && __put_page(hashp, bp->page, - bp->addr, (int)IS_BUCKET(bp->flags), 0)) + if ((bp->flags & BUF_MOD) && dbm_put_page(hashp, bp->page, + bp->addr, (int)IS_BUCKET(bp->flags), 0)) return (NULL); /* * Update the pointer to this page (i.e. invalidate it). @@ -298,8 +298,8 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp) /* set before __put_page */ oaddr = shortp[shortp[0] - 1]; } - if ((xbp->flags & BUF_MOD) && __put_page(hashp, - xbp->page, xbp->addr, 0, 0)) + if ((xbp->flags & BUF_MOD) && dbm_put_page(hashp, + xbp->page, xbp->addr, 0, 0)) return (NULL); xbp->addr = 0; xbp->flags = 0; @@ -335,7 +335,7 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp) } extern void -__buf_init(HTAB *hashp, int32 nbytes) +dbm_buf_init(HTAB *hashp, int32 nbytes) { BUFHEAD *bfp; int npages; @@ -358,7 +358,7 @@ __buf_init(HTAB *hashp, int32 nbytes) } extern int -__buf_free(HTAB *hashp, int do_free, int to_disk) +dbm_buf_free(HTAB *hashp, int do_free, int to_disk) { BUFHEAD *bp; int status = -1; @@ -370,8 +370,8 @@ __buf_free(HTAB *hashp, int do_free, int to_disk) /* Check that the buffer is valid */ if (bp->addr || IS_BUCKET(bp->flags)) { if (to_disk && (bp->flags & BUF_MOD) && - (status = __put_page(hashp, bp->page, - bp->addr, IS_BUCKET(bp->flags), 0))) { + (status = dbm_put_page(hashp, bp->page, + bp->addr, IS_BUCKET(bp->flags), 0))) { if (do_free) { if (bp->page) @@ -397,11 +397,12 @@ __buf_free(HTAB *hashp, int do_free, int to_disk) } extern void -__reclaim_buf(HTAB *hashp, BUFHEAD *bp) +dbm_reclaim_buf(HTAB *hashp, BUFHEAD *bp) { bp->ovfl = 0; bp->addr = 0; bp->flags = 0; BUF_REMOVE(bp); LRU_INSERT(bp); + } -- cgit v1.2.3 From edfba06ce39f155f9394381d4f445a0c986bac77 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Thu, 24 Oct 2019 16:14:41 +0200 Subject: Support longer (up to RFC maximum) HKDF outputs HKDF-Expand enforces a maximum output length much shorter than stated in the RFC. This patch aligns the implementation with the RFC by allocating more output space when necessary. --- security/nss/lib/softoken/pkcs11c.c | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) (limited to 'security') diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 884702cc16..327a67d5c0 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -7668,9 +7668,11 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession, const SECHashObject *rawHash; unsigned hashLen; CK_BYTE hashbuf[HASH_LENGTH_MAX]; - CK_BYTE *prk; /* psuedo-random key */ + CK_BYTE *prk; /* psuedo-random key */ CK_ULONG prkLen; - CK_BYTE *okm; /* output keying material */ + CK_BYTE *okm; /* output keying material */ + unsigned allocated_space = 0; /* If we need more work space, track it */ + unsigned char *key_buf = &key_block[0]; rawHash = HASH_GetRawHashObject(hashType); if (rawHash == NULL || rawHash->length > sizeof(hashbuf)) { @@ -7686,7 +7688,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession, crv = CKR_MECHANISM_PARAM_INVALID; break; } - if (keySize == 0 || keySize > sizeof key_block || + if (keySize == 0 || (!params->bExpand && keySize > hashLen) || (params->bExpand && keySize > 255 * hashLen)) { crv = CKR_TEMPLATE_INCONSISTENT; @@ -7736,34 +7738,49 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession, /* T(1) = HMAC-Hash(prk, "" | info | 0x01) * T(n) = HMAC-Hash(prk, T(n-1) | info | n * key material = T(1) | ... | T(n) + * + * If the requested output length does not fit + * within |key_block|, allocate space for expansion. */ HMACContext *hmac; CK_BYTE bi; - unsigned iterations = PR_ROUNDUP(keySize, hashLen) / hashLen; + unsigned n_bytes = PR_ROUNDUP(keySize, hashLen); + unsigned iterations = n_bytes / hashLen; hmac = HMAC_Create(rawHash, prk, prkLen, isFIPS); if (hmac == NULL) { crv = CKR_HOST_MEMORY; break; } - for (bi = 1; bi <= iterations; ++bi) { + if (n_bytes > sizeof(key_block)) { + key_buf = PORT_Alloc(n_bytes); + if (key_buf == NULL) { + crv = CKR_HOST_MEMORY; + break; + } + allocated_space = n_bytes; + } + for (bi = 1; bi <= iterations && bi > 0; ++bi) { unsigned len; HMAC_Begin(hmac); if (bi > 1) { - HMAC_Update(hmac, key_block + ((bi - 2) * hashLen), hashLen); + HMAC_Update(hmac, key_buf + ((bi - 2) * hashLen), hashLen); } if (params->ulInfoLen != 0) { HMAC_Update(hmac, params->pInfo, params->ulInfoLen); } HMAC_Update(hmac, &bi, 1); - HMAC_Finish(hmac, key_block + ((bi - 1) * hashLen), &len, + HMAC_Finish(hmac, key_buf + ((bi - 1) * hashLen), &len, hashLen); PORT_Assert(len == hashLen); } HMAC_Destroy(hmac, PR_TRUE); - okm = key_block; + okm = key_buf; } /* key material = prk */ crv = sftk_forceAttribute(key, CKA_VALUE, okm, keySize); + if (allocated_space) { + PORT_ZFree(key_buf, allocated_space); + } break; } /* end of CKM_NSS_HKDF_* */ -- cgit v1.2.3 From c525bb791873ecdcce59c0da4ceafc8f5f557b2f Mon Sep 17 00:00:00 2001 From: Kevin Jacobs Date: Thu, 24 Oct 2019 16:47:28 +0200 Subject: Add length checks for cryptographic primitives This rollup patch adds additional length checks around cryptographic primitives. --- security/nss/lib/freebl/chacha20poly1305.c | 5 +++++ security/nss/lib/freebl/ctr.c | 12 ++++++++++++ security/nss/lib/freebl/gcm.c | 6 ++++++ security/nss/lib/freebl/intel-gcm-wrap.c | 22 ++++++++++++++++++++++ security/nss/lib/freebl/rsapkcs.c | 20 +++++++++++--------- 5 files changed, 56 insertions(+), 9 deletions(-) (limited to 'security') diff --git a/security/nss/lib/freebl/chacha20poly1305.c b/security/nss/lib/freebl/chacha20poly1305.c index 302f0db9e7..8fdaf3fec8 100644 --- a/security/nss/lib/freebl/chacha20poly1305.c +++ b/security/nss/lib/freebl/chacha20poly1305.c @@ -234,6 +234,11 @@ ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, unsigned char *output, PORT_SetError(SEC_ERROR_OUTPUT_LEN); return SECFailure; } + // ChaCha has a 64 octet block, with a 32-bit block counter. + if (inputLen >= (1ULL << (6 + 32)) + ctx->tagLen) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } PORT_Memset(block, 0, sizeof(block)); // Generate a block of keystream. The first 32 bytes will be the poly1305 diff --git a/security/nss/lib/freebl/ctr.c b/security/nss/lib/freebl/ctr.c index d7652c0606..4d26a5b06a 100644 --- a/security/nss/lib/freebl/ctr.c +++ b/security/nss/lib/freebl/ctr.c @@ -128,6 +128,12 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf, unsigned int tmp; SECStatus rv; + // Limit block count to 2^counterBits - 2 + if (ctr->counterBits < (sizeof(unsigned int) * 8) && + inlen > ((1 << ctr->counterBits) - 2) * AES_BLOCK_SIZE) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } if (maxout < inlen) { *outlen = inlen; PORT_SetError(SEC_ERROR_OUTPUT_LEN); @@ -199,6 +205,12 @@ CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf, unsigned int tmp; SECStatus rv; + // Limit block count to 2^counterBits - 2 + if (ctr->counterBits < (sizeof(unsigned int) * 8) && + inlen > ((1 << ctr->counterBits) - 2) * AES_BLOCK_SIZE) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } if (maxout < inlen) { *outlen = inlen; PORT_SetError(SEC_ERROR_OUTPUT_LEN); diff --git a/security/nss/lib/freebl/gcm.c b/security/nss/lib/freebl/gcm.c index f1e16da78e..e93970b888 100644 --- a/security/nss/lib/freebl/gcm.c +++ b/security/nss/lib/freebl/gcm.c @@ -469,6 +469,12 @@ gcmHash_Reset(gcmHashContext *ghash, const unsigned char *AAD, { SECStatus rv; + // Limit AADLen in accordance with SP800-38D + if (sizeof(AADLen) >= 8 && AADLen > (1ULL << 61) - 1) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + ghash->cLen = 0; PORT_Memset(ghash->counterBuf, 0, GCM_HASH_LEN_LEN * 2); ghash->bufLen = 0; diff --git a/security/nss/lib/freebl/intel-gcm-wrap.c b/security/nss/lib/freebl/intel-gcm-wrap.c index 37a1af7652..f69bc7c7ac 100644 --- a/security/nss/lib/freebl/intel-gcm-wrap.c +++ b/security/nss/lib/freebl/intel-gcm-wrap.c @@ -62,6 +62,12 @@ intel_AES_GCM_CreateContext(void *context, PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } + // Limit AADLen in accordance with SP800-38D + if (sizeof(AAD_whole_len) >= 8 && AAD_whole_len > (1ULL << 61) - 1) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return NULL; + } + gcm = PORT_ZNew(intel_AES_GCMContext); if (gcm == NULL) { return NULL; @@ -159,6 +165,14 @@ intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char T[AES_BLOCK_SIZE]; unsigned int j; + // GCM has a 16 octet block, with a 32-bit block counter + // Limit in accordance with SP800-38D + if (sizeof(inlen) > 4 && + inlen >= ((1ULL << 32) - 2) * AES_BLOCK_SIZE) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE; if (UINT_MAX - inlen < tagBytes) { PORT_SetError(SEC_ERROR_INPUT_LEN); @@ -216,6 +230,14 @@ intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, inlen -= tagBytes; intag = inbuf + inlen; + // GCM has a 16 octet block, with a 32-bit block counter + // Limit in accordance with SP800-38D + if (sizeof(inlen) > 4 && + inlen >= ((1ULL << 32) - 2) * AES_BLOCK_SIZE) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + if (maxout < inlen) { *outlen = inlen; PORT_SetError(SEC_ERROR_OUTPUT_LEN); diff --git a/security/nss/lib/freebl/rsapkcs.c b/security/nss/lib/freebl/rsapkcs.c index 875e4e28d3..6f94770adb 100644 --- a/security/nss/lib/freebl/rsapkcs.c +++ b/security/nss/lib/freebl/rsapkcs.c @@ -115,7 +115,7 @@ rsa_FormatOneBlock(unsigned modulusLen, { unsigned char *block; unsigned char *bp; - int padLen; + unsigned int padLen; int i, j; SECStatus rv; @@ -135,14 +135,14 @@ rsa_FormatOneBlock(unsigned modulusLen, switch (blockType) { /* - * Blocks intended for private-key operation. - */ + * Blocks intended for private-key operation. + */ case RSA_BlockPrivate: /* preferred method */ /* - * 0x00 || BT || Pad || 0x00 || ActualData - * 1 1 padLen 1 data->len - * Pad is either all 0x00 or all 0xff bytes, depending on blockType. - */ + * 0x00 || BT || Pad || 0x00 || ActualData + * 1 1 padLen 1 data->len + * Pad is either all 0x00 or all 0xff bytes, depending on blockType. + */ padLen = modulusLen - data->len - 3; PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN); if (padLen < RSA_BLOCK_MIN_PAD_LEN) { @@ -162,7 +162,7 @@ rsa_FormatOneBlock(unsigned modulusLen, /* * 0x00 || BT || Pad || 0x00 || ActualData * 1 1 padLen 1 data->len - * Pad is all non-zero random bytes. + * Pad is 8 or more non-zero random bytes. * * Build the block left to right. * Fill the entire block from Pad to the end with random bytes. @@ -236,7 +236,9 @@ rsa_FormatBlock(SECItem *result, * The "3" below is the first octet + the second octet + the 0x00 * octet that always comes just before the ActualData. */ - PORT_Assert(data->len <= (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN))); + if (data->len > (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN))) { + return SECFailure; + } result->data = rsa_FormatOneBlock(modulusLen, blockType, data); if (result->data == NULL) { -- cgit v1.2.3 From 29317adcbc182f769074c39a7c1191529a356b24 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Thu, 24 Oct 2019 16:52:46 +0200 Subject: Update NSS version --- security/nss/coreconf/coreconf.dep | 1 + security/nss/lib/nss/nss.h | 4 ++-- security/nss/lib/softoken/softkver.h | 4 ++-- security/nss/lib/util/nssutil.h | 4 ++-- 4 files changed, 7 insertions(+), 6 deletions(-) (limited to 'security') diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep index 5182f75552..590d1bfaee 100644 --- a/security/nss/coreconf/coreconf.dep +++ b/security/nss/coreconf/coreconf.dep @@ -10,3 +10,4 @@ */ #error "Do not include this header file." + diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index ea54ce0cd2..f6b83a01cc 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -22,10 +22,10 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.41.2" _NSS_CUSTOMIZED +#define NSS_VERSION "3.41.3" _NSS_CUSTOMIZED #define NSS_VMAJOR 3 #define NSS_VMINOR 41 -#define NSS_VPATCH 2 +#define NSS_VPATCH 3 #define NSS_VBUILD 0 #define NSS_BETA PR_FALSE diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index 73a38b010d..ab2e91018e 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -17,10 +17,10 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.41.2" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.41.3" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 #define SOFTOKEN_VMINOR 41 -#define SOFTOKEN_VPATCH 2 +#define SOFTOKEN_VPATCH 3 #define SOFTOKEN_VBUILD 0 #define SOFTOKEN_BETA PR_FALSE diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index a2be260b0c..f880fb55e1 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,10 +19,10 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.41.2" +#define NSSUTIL_VERSION "3.41.3" #define NSSUTIL_VMAJOR 3 #define NSSUTIL_VMINOR 41 -#define NSSUTIL_VPATCH 2 +#define NSSUTIL_VPATCH 3 #define NSSUTIL_VBUILD 0 #define NSSUTIL_BETA PR_FALSE -- cgit v1.2.3