download.lst | 4 external/nss/UnpackedTarball_nss.mk | 6 external/nss/nss-no-c99.patch | 2503 ----------------------------------- external/nss/nss.patch | 118 - external/nss/nss.windowbuild.patch.0 | 55 5 files changed, 165 insertions(+), 2521 deletions(-)
New commits: commit b42df7c74147d72025a1cdc4b903360dfd4ccbab Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de> AuthorDate: Thu Oct 8 16:16:19 2020 +0200 Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de> CommitDate: Thu Oct 8 16:16:19 2020 +0200 Revert "nss: upgrade to 3.38" This reverts commit c4481da197fc1faa536acd4e847954b0b2aab64a. diff --git a/download.lst b/download.lst index 6e1f0adbc6e1..40688ae15f6c 100644 --- a/download.lst +++ b/download.lst @@ -34,8 +34,8 @@ LIBEOT_MD5SUM := aa24f5dd2a2992f4a116aa72af817548 export LIBEOT_TARBALL := libeot-0.01.tar.bz2 LANGTAGREG_MD5SUM := 504af523f5d1a5590bbeb6a4b55e8a97 export LANGTAGREG_TARBALL := language-subtag-registry-2014-03-27.tar.bz2 -NSS_MD5SUM := cd649be8ee61fe15d64d7bef361b37ba -export NSS_TARBALL := nss-3.38-with-nspr-4.19.tar.gz +NSS_MD5SUM := e55ee06b22687df68fafc6a30c0554b2 +export NSS_TARBALL := nss-3.29.5-with-nspr-4.13.1.tar.gz PYTHON_MD5SUM := 803a75927f8f241ca78633890c798021 export PYTHON_TARBALL := Python-3.3.5.tgz OPENSSL_MD5SUM := 44279b8557c3247cbe324e2322ecd114 diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index cf7ad65803a1..59b6147a5142 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -13,13 +13,15 @@ $(eval $(call gb_UnpackedTarball_set_tarball,nss,$(NSS_TARBALL))) $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nss.patch \ + external/nss/nss.aix.patch \ external/nss/nss-3.13.5-zlib-werror.patch \ - $(if $(filter WNTMSC,$(OS)$(COM)),nss/nss.windows.patch) \ + $(if $(filter WNTMSC,$(OS)$(COM)),external/nss/nss.windows.patch) \ + external/nss/nss.windowbuild.patch.0 \ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ external/nss/nss.cygwin64.in32bit.patch) \ $(if $(findstring 120_70,$(VCVER)_$(WINDOWS_SDK_VERSION)), \ external/nss/nss-winXP-sdk.patch.1) \ - $(if $(filter WNTMSC,$(OS)$(COM)),external/nss/nss-no-c99.patch) \ + external/nss/nss-no-c99.patch \ )) # vim: set noet sw=4 ts=4: diff --git a/external/nss/nss-no-c99.patch b/external/nss/nss-no-c99.patch index b695683f6d0e..eb686145e4e9 100644 --- a/external/nss/nss-no-c99.patch +++ b/external/nss/nss-no-c99.patch @@ -1475,9 +1475,34 @@ 64, } }; +--- a/nss/nss/lib/freebl/ecl/curve25519_64.c 2017-04-06 16:14:46.000000000 +0200 ++++ b/nss/nss/lib/freebl/ecl/curve25519_64.c 2018-05-22 19:18:07.482457400 +0200 +@@ -38,17 +38,17 @@ + const int64_t *in = (const int64_t *)iin; + int64_t *out = (int64_t *)ioutput; + ++ // An arithmetic shift right of 63 places turns a positive number to 0 and a ++ // negative number to all 1's. This gives us a bitmask that lets us avoid ++ // side-channel prone branches. ++ int64_t t; ++ + out[0] = in[0] - out[0]; + out[1] = in[1] - out[1]; + out[2] = in[2] - out[2]; + out[3] = in[3] - out[3]; + out[4] = in[4] - out[4]; + +- // An arithmetic shift right of 63 places turns a positive number to 0 and a +- // negative number to all 1's. This gives us a bitmask that lets us avoid +- // side-channel prone branches. +- int64_t t; +- + #define NEGCHAIN(a, b) \ + t = out[a] >> 63; \ + out[a] += twotothe51 & t; \ --- a/nss/nss/lib/softoken/pkcs11c.c 2017-04-06 16:14:46.000000000 +0200 +++ b/nss/nss/lib/softoken/pkcs11c.c 2018-05-22 19:43:15.154079800 +0200 -@@ -5125,10 +5125,11 @@ +@@ -5105,10 +5105,11 @@ crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT, sftk_item_expand(&ecPriv->publicValue)); } else { @@ -1492,2493 +1517,22 @@ if (!pubValue) { crv = CKR_ARGUMENTS_BAD; goto ecgn_done; -diff -ur nss/nss/cmd/lib/secutil.c nss_new/nss/cmd/lib/secutil.c ---- a/nss/nss/cmd/lib/secutil.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/cmd/lib/secutil.c 2018-09-19 13:53:21.922607000 +0200 -@@ -217,6 +217,7 @@ - secuPWData *pwdata = (secuPWData *)arg; - secuPWData pwnull = { PW_NONE, 0 }; - secuPWData pwxtrn = { PW_EXTERNAL, "external" }; -+ char *pw; - - if (pwdata == NULL) - pwdata = &pwnull; -@@ -240,7 +241,7 @@ - sprintf(prompt, - "Press Enter, then enter PIN for \"%s\" on external device.\n", - PK11_GetTokenName(slot)); -- char *pw = SECU_GetPasswordString(NULL, prompt); -+ pw = SECU_GetPasswordString(NULL, prompt); - PORT_Free(pw); - /* Fall Through */ - case PW_PLAINTEXT: -diff -ur nss/nss/cmd/signtool/javascript.c nss_new/nss/cmd/signtool/javascript.c ---- a/nss/nss/cmd/signtool/javascript.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/cmd/signtool/javascript.c 2018-09-21 18:09:42.429614100 +0200 -@@ -6,6 +6,7 @@ - #include <prmem.h> - #include <prio.h> - #include <prenv.h> -+#include "prprf.h" - - static int javascript_fn(char *relpath, char *basedir, char *reldir, - char *filename, void *arg); -@@ -1672,7 +1673,7 @@ - { - char fn[FNSIZE]; - PRDir *dir; -- int c = snprintf(fn, sizeof(fn), "%s/%s", basepath, path); -+ int c = PR_snprintf(fn, sizeof(fn), "%s/%s", basepath, path); - if (c >= sizeof(fn)) { - return PR_FAILURE; - } -diff -ur nss/nss/cmd/signtool/sign.c nss_new/nss/cmd/signtool/sign.c ---- a/nss/nss/cmd/signtool/sign.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/cmd/signtool/sign.c 2018-09-21 18:12:32.664160400 +0200 -@@ -5,6 +5,7 @@ - #include "signtool.h" - #include "zip.h" - #include "prmem.h" -+#include "prprf.h" - #include "blapi.h" - #include "sechash.h" /* for HASH_GetHashObject() */ - -@@ -82,13 +83,13 @@ - } - - /* rsa/dsa to zip */ -- count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); -+ count = PR_snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); - if (count >= sizeof(tempfn)) { - PR_fprintf(errorFD, "unable to write key metadata\n"); - errorCount++; - exit(ERRX); - } -- count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); -+ count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); - if (count >= sizeof(fullfn)) { - PR_fprintf(errorFD, "unable to write key metadata\n"); - errorCount++; -@@ -103,7 +104,7 @@ - } - /* mf to zip */ - strcpy(tempfn, "META-INF/manifest.mf"); -- count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); -+ count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); - if (count >= sizeof(fullfn)) { - PR_fprintf(errorFD, "unable to write manifest\n"); - errorCount++; -@@ -112,13 +113,13 @@ - JzipAdd(fullfn, tempfn, zipfile, compression_level); - - /* sf to zip */ -- count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base); -+ count = PR_snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base); - if (count >= sizeof(tempfn)) { - PR_fprintf(errorFD, "unable to write sf metadata\n"); - errorCount++; - exit(ERRX); - } -- count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); -+ count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); - if (count >= sizeof(fullfn)) { - PR_fprintf(errorFD, "unable to write sf metadata\n"); - errorCount++; -@@ -129,13 +130,13 @@ - /* Add the rsa/dsa file to the zip archive normally */ - if (!xpi_arc) { - /* rsa/dsa to zip */ -- count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); -+ count = PR_snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); - if (count >= sizeof(tempfn)) { - PR_fprintf(errorFD, "unable to write key metadata\n"); - errorCount++; - exit(ERRX); - } -- count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); -+ count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); - if (count >= sizeof(fullfn)) { - PR_fprintf(errorFD, "unable to write key metadata\n"); - errorCount++; -@@ -456,7 +457,7 @@ - if (!PL_HashTableLookup(extensions, ext)) - return 0; - } -- count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath); -+ count = PR_snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath); - if (count >= sizeof(fullname)) { - return 1; - } -diff -ur nss/nss/lib/freebl/blake2b.c nss_new/nss/lib/freebl/blake2b.c ---- a/nss/nss/lib/freebl/blake2b.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/freebl/blake2b.c 2018-09-06 16:22:55.312309800 +0200 -@@ -147,6 +147,7 @@ - blake2b_Begin(BLAKE2BContext* ctx, uint8_t outlen, const uint8_t* key, - size_t keylen) - { -+ uint64_t param; - PORT_Assert(ctx != NULL); - if (!ctx) { - goto failure; -@@ -164,7 +165,7 @@ - } - - /* Mix key size(keylen) and desired hash length(outlen) into h0 */ -- uint64_t param = outlen ^ (keylen << 8) ^ (1 << 16) ^ (1 << 24); -+ param = outlen ^ (keylen << 8) ^ (1 << 16) ^ (1 << 24); - PORT_Memcpy(ctx->h, iv, 8 * 8); - ctx->h[0] ^= param; - ctx->outlen = outlen; -@@ -402,12 +403,13 @@ - BLAKE2BContext* - BLAKE2B_Resurrect(unsigned char* space, void* arg) - { -+ BLAKE2BContext* ctx; - PORT_Assert(space != NULL); - if (!space) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } -- BLAKE2BContext* ctx = BLAKE2B_NewContext(); -+ ctx = BLAKE2B_NewContext(); - if (ctx == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; -diff -ur nss/nss/lib/freebl/chacha20poly1305.c nss_new/nss/lib/freebl/chacha20poly1305.c ---- a/nss/nss/lib/freebl/chacha20poly1305.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/freebl/chacha20poly1305.c 2018-09-07 03:48:50.608015600 +0200 -@@ -75,6 +75,8 @@ - #endif - Hacl_Impl_Poly1305_State_poly1305_state state = - Hacl_Poly1305_mk_state(stateStack, stateStack + offset); -+ unsigned int i; -+ unsigned int j; - - unsigned char block[16] = { 0 }; - Hacl_Poly1305_init(state, (uint8_t *)key); -@@ -83,8 +85,6 @@ - memset(block, 0, 16); - Poly1305PadUpdate(state, block, ciphertext, ciphertextLen); - -- unsigned int i; -- unsigned int j; - for (i = 0, j = adLen; i < 8; i++, j >>= 8) { - block[i] = j; - } -diff -ur nss/nss/lib/freebl/ecl/ecp_25519.c nss_new/nss/lib/freebl/ecl/ecp_25519.c ---- a/nss/nss/lib/freebl/ecl/ecp_25519.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/freebl/ecl/ecp_25519.c 2018-09-07 04:22:09.320906200 +0200 -@@ -104,6 +104,7 @@ - { - PRUint8 *px; - PRUint8 basePoint[32] = { 9 }; -+ SECStatus rv; - - if (!P) { - px = basePoint; -@@ -115,7 +116,7 @@ - px = P->data; - } - -- SECStatus rv = ec_Curve25519_mul(X->data, k->data, px); -+ rv = ec_Curve25519_mul(X->data, k->data, px); - if (NSS_SecureMemcmpZero(X->data, X->len) == 0) { - return SECFailure; - } -diff -ur nss/nss/lib/freebl/verified/FStar.c nss_new/nss/lib/freebl/verified/FStar.c ---- a/nss/nss/lib/freebl/verified/FStar.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/freebl/verified/FStar.c 2018-09-10 01:27:51.192382800 +0200 -@@ -32,37 +32,45 @@ - FStar_UInt128_uint128 - FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) - { -- return ( -- (FStar_UInt128_uint128){ -- .low = a.low + b.low, -- .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) }); -+ FStar_UInt128_uint128 ret = -+ { -+ a.low + b.low, -+ a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) -+ }; -+ return ret; - } - - FStar_UInt128_uint128 - FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) - { -- return ( -- (FStar_UInt128_uint128){ -- .low = a.low + b.low, -- .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) }); -+ FStar_UInt128_uint128 ret = -+ { -+ a.low + b.low, -+ a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) -+ }; -+ return ret; - } - - FStar_UInt128_uint128 - FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) - { -- return ( -- (FStar_UInt128_uint128){ -- .low = a.low - b.low, -- .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) }); -+ FStar_UInt128_uint128 ret = -+ { -+ a.low - b.low, -+ a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) -+ }; -+ return ret; - } - - static FStar_UInt128_uint128 - FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) - { -- return ( -- (FStar_UInt128_uint128){ -- .low = a.low - b.low, -- .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) }); -+ FStar_UInt128_uint128 ret = -+ { -+ a.low - b.low, -+ a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) -+ }; -+ return ret; - } - - FStar_UInt128_uint128 -@@ -74,25 +82,29 @@ - FStar_UInt128_uint128 - FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) - { -- return ((FStar_UInt128_uint128){.low = a.low & b.low, .high = a.high & b.high }); -+ FStar_UInt128_uint128 ret = { a.low & b.low, a.high & b.high }; -+ return ret; - } - - FStar_UInt128_uint128 - FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) - { -- return ((FStar_UInt128_uint128){.low = a.low ^ b.low, .high = a.high ^ b.high }); -+ FStar_UInt128_uint128 ret = { a.low ^ b.low, a.high ^ b.high }; -+ return ret; - } - - FStar_UInt128_uint128 - FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) - { -- return ((FStar_UInt128_uint128){.low = a.low | b.low, .high = a.high | b.high }); -+ FStar_UInt128_uint128 ret = { a.low | b.low, a.high | b.high }; -+ return ret; - } - - FStar_UInt128_uint128 - FStar_UInt128_lognot(FStar_UInt128_uint128 a) - { -- return ((FStar_UInt128_uint128){.low = ~a.low, .high = ~a.high }); -+ FStar_UInt128_uint128 ret = { ~a.low, ~a.high }; -+ return ret; - } - - static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U; -@@ -115,16 +127,25 @@ - if (s == (uint32_t)0U) - return a; - else -- return ( -- (FStar_UInt128_uint128){ -- .low = a.low << s, -- .high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) }); -+ { -+ FStar_UInt128_uint128 ret = -+ { -+ a.low << s, -+ FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) -+ }; -+ return ret; -+ } - } - - static FStar_UInt128_uint128 - FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) - { -- return ((FStar_UInt128_uint128){.low = (uint64_t)0U, .high = a.low << (s - FStar_UInt128_u32_64) }); -+ FStar_UInt128_uint128 ret = -+ { -+ (uint64_t)0U, -+ a.low << (s - FStar_UInt128_u32_64) -+ }; -+ return ret; - } - - FStar_UInt128_uint128 -@@ -154,16 +175,25 @@ - if (s == (uint32_t)0U) - return a; - else -- return ( -- (FStar_UInt128_uint128){ -- .low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s), -- .high = a.high >> s }); -+ { -+ FStar_UInt128_uint128 ret = -+ { -+ FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s), -+ a.high >> s -+ }; -+ return ret; -+ } - } - - static FStar_UInt128_uint128 - FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) - { -- return ((FStar_UInt128_uint128){.low = a.high >> (s - FStar_UInt128_u32_64), .high = (uint64_t)0U }); -+ FStar_UInt128_uint128 ret = -+ { -+ a.high >> (s - FStar_UInt128_u32_64), -+ (uint64_t)0U -+ }; -+ return ret; - } - - FStar_UInt128_uint128 -@@ -178,25 +208,34 @@ - FStar_UInt128_uint128 - FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) - { -- return ( -- (FStar_UInt128_uint128){ -- .low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high), -- .high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high) }); -+ FStar_UInt128_uint128 ret = -+ { -+ FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high), -+ FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high) -+ }; -+ return ret; - } - - FStar_UInt128_uint128 - FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) - { -- return ( -- (FStar_UInt128_uint128){ -- .low = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)), -- .high = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)) }); -+ FStar_UInt128_uint128 ret = -+ { -+ (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)), -+ (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)) -+ }; -+ return ret; - } - - FStar_UInt128_uint128 - FStar_UInt128_uint64_to_uint128(uint64_t a) - { -- return ((FStar_UInt128_uint128){.low = a, .high = (uint64_t)0U }); -+ FStar_UInt128_uint128 ret = -+ { -+ a, -+ (uint64_t)0U -+ }; -+ return ret; - } - - uint64_t -@@ -218,12 +257,14 @@ - static K___uint64_t_uint64_t_uint64_t_uint64_t - FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y) - { -- return ( -- (K___uint64_t_uint64_t_uint64_t_uint64_t){ -- .fst = FStar_UInt128_u64_mod_32(x), -- .snd = FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)), -- .thd = x >> FStar_UInt128_u32_32, -- .f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32) }); -+ K___uint64_t_uint64_t_uint64_t_uint64_t ret = -+ { -+ FStar_UInt128_u64_mod_32(x), -+ FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)), -+ x >> FStar_UInt128_u32_32, -+ (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32) -+ }; -+ return ret; - } - - static uint64_t -@@ -240,12 +281,14 @@ - uint64_t w3 = scrut.snd; - uint64_t x_ = scrut.thd; - uint64_t t_ = scrut.f3; -- return ( -- (FStar_UInt128_uint128){ -- .low = FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), -+ FStar_UInt128_uint128 ret = -+ { -+ FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), - w3), -- .high = x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) + -- ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32) }); -+ x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) + -+ ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32) -+ }; -+ return ret; - } - - FStar_UInt128_uint128 -diff -ur nss/nss/lib/freebl/verified/Hacl_Chacha20.c nss_new/nss/lib/freebl/verified/Hacl_Chacha20.c ---- a/nss/nss/lib/freebl/verified/Hacl_Chacha20.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/freebl/verified/Hacl_Chacha20.c 2018-09-07 05:07:09.660750000 +0200 -@@ -18,7 +18,8 @@ - static void - Hacl_Lib_LoadStore32_uint32s_from_le_bytes(uint32_t *output, uint8_t *input, uint32_t len) - { -- for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { -+ uint32_t i; -+ for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { - uint8_t *x0 = input + (uint32_t)4U * i; - uint32_t inputi = load32_le(x0); - output[i] = inputi; -@@ -28,7 +29,8 @@ - static void - Hacl_Lib_LoadStore32_uint32s_to_le_bytes(uint8_t *output, uint32_t *input, uint32_t len) - { -- for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { -+ uint32_t i; -+ for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { - uint32_t hd1 = input[i]; - uint8_t *x0 = output + (uint32_t)4U * i; - store32_le(x0, hd1); -@@ -44,33 +46,54 @@ - inline static void - Hacl_Impl_Chacha20_quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t c, uint32_t d) - { -- uint32_t sa = st[a]; -- uint32_t sb0 = st[b]; -+ uint32_t sa; -+ uint32_t sb0; -+ uint32_t sd; -+ uint32_t sa10; -+ uint32_t sda; -+ uint32_t sa0; -+ uint32_t sb1; -+ uint32_t sd0; -+ uint32_t sa11; -+ uint32_t sda0; -+ uint32_t sa2; -+ uint32_t sb2; -+ uint32_t sd1; -+ uint32_t sa12; -+ uint32_t sda1; -+ uint32_t sa3; -+ uint32_t sb; -+ uint32_t sd2; -+ uint32_t sa1; -+ uint32_t sda2; -+ -+ sa = st[a]; -+ sb0 = st[b]; - st[a] = sa + sb0; -- uint32_t sd = st[d]; -- uint32_t sa10 = st[a]; -- uint32_t sda = sd ^ sa10; -+ sd = st[d]; -+ sa10 = st[a]; -+ sda = sd ^ sa10; - st[d] = Hacl_Impl_Chacha20_rotate_left(sda, (uint32_t)16U); -- uint32_t sa0 = st[c]; -- uint32_t sb1 = st[d]; -+ sa0 = st[c]; -+ sb1 = st[d]; - st[c] = sa0 + sb1; -- uint32_t sd0 = st[b]; -- uint32_t sa11 = st[c]; -- uint32_t sda0 = sd0 ^ sa11; -+ sd0 = st[b]; -+ sa11 = st[c]; -+ sda0 = sd0 ^ sa11; - st[b] = Hacl_Impl_Chacha20_rotate_left(sda0, (uint32_t)12U); -- uint32_t sa2 = st[a]; -- uint32_t sb2 = st[b]; -+ sa2 = st[a]; -+ sb2 = st[b]; - st[a] = sa2 + sb2; -- uint32_t sd1 = st[d]; -- uint32_t sa12 = st[a]; -- uint32_t sda1 = sd1 ^ sa12; -+ sd1 = st[d]; -+ sa12 = st[a]; -+ sda1 = sd1 ^ sa12; - st[d] = Hacl_Impl_Chacha20_rotate_left(sda1, (uint32_t)8U); -- uint32_t sa3 = st[c]; -- uint32_t sb = st[d]; -+ sa3 = st[c]; -+ sb = st[d]; - st[c] = sa3 + sb; -- uint32_t sd2 = st[b]; -- uint32_t sa1 = st[c]; -- uint32_t sda2 = sd2 ^ sa1; -+ sd2 = st[b]; -+ sa1 = st[c]; -+ sda2 = sd2 ^ sa1; - st[b] = Hacl_Impl_Chacha20_rotate_left(sda2, (uint32_t)7U); - } - -@@ -90,14 +113,16 @@ - inline static void - Hacl_Impl_Chacha20_rounds(uint32_t *st) - { -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) -+ uint32_t i; -+ for (i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) - Hacl_Impl_Chacha20_double_round(st); - } - - inline static void - Hacl_Impl_Chacha20_sum_states(uint32_t *st, uint32_t *st_) +--- a/nss/nss/lib/ssl/ssl3con.c 2017-04-06 16:14:46.000000000 +0200 ++++ b/nss/nss/lib/ssl/ssl3con.c 2018-05-22 20:19:16.542798900 +0200 +@@ -2261,6 +2261,7 @@ { -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { -+ uint32_t i; -+ for (i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { - uint32_t xi = st[i]; - uint32_t yi = st_[i]; - st[i] = xi + yi; -@@ -150,9 +175,10 @@ - uint32_t *k = b; - uint32_t *ib = b + (uint32_t)16U; - uint32_t *ob = b + (uint32_t)32U; -+ uint32_t i; - Hacl_Impl_Chacha20_chacha20_core(k, st, ctr); - Hacl_Lib_LoadStore32_uint32s_from_le_bytes(ib, plain, (uint32_t)16U); -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { -+ for (i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { - uint32_t xi = ib[i]; - uint32_t yi = k[i]; - ob[i] = xi ^ yi; -@@ -169,9 +195,11 @@ - uint32_t ctr) - { - uint8_t block[64U] = { 0U }; -+ uint8_t *mask; -+ uint32_t i; - Hacl_Impl_Chacha20_chacha20_block(block, st, ctr); -- uint8_t *mask = block; -- for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { -+ mask = block; -+ for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { - uint8_t xi = plain[i]; - uint8_t yi = mask[i]; - output[i] = xi ^ yi; -@@ -186,7 +214,8 @@ - uint32_t *st, - uint32_t ctr) - { -- for (uint32_t i = (uint32_t)0U; i < num_blocks; i = i + (uint32_t)1U) { -+ uint32_t i; -+ for (i = (uint32_t)0U; i < num_blocks; i = i + (uint32_t)1U) { - uint8_t *b = plain + (uint32_t)64U * i; - uint8_t *o = output + (uint32_t)64U * i; - Hacl_Impl_Chacha20_update(o, b, st, ctr + i); -diff -ur nss/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c nss_new/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c ---- a/nss/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c 2018-09-07 05:31:17.778914000 +0200 -@@ -42,53 +42,83 @@ - inline static void - Hacl_Impl_Chacha20_Vec128_State_state_setup(vec *st, uint8_t *k, uint8_t *n1, uint32_t c) - { -+ vec k0; -+ vec k1; -+ uint32_t n0; -+ uint8_t *x00; -+ uint32_t n10; -+ uint8_t *x0; -+ uint32_t n2; -+ vec v1; -+ - st[0U] = - vec_load_32x4((uint32_t)0x61707865U, - (uint32_t)0x3320646eU, - (uint32_t)0x79622d32U, - (uint32_t)0x6b206574U); -- vec k0 = vec_load128_le(k); -- vec k1 = vec_load128_le(k + (uint32_t)16U); -+ k0 = vec_load128_le(k); -+ k1 = vec_load128_le(k + (uint32_t)16U); - st[1U] = k0; - st[2U] = k1; -- uint32_t n0 = load32_le(n1); -- uint8_t *x00 = n1 + (uint32_t)4U; -- uint32_t n10 = load32_le(x00); -- uint8_t *x0 = n1 + (uint32_t)8U; -- uint32_t n2 = load32_le(x0); -- vec v1 = vec_load_32x4(c, n0, n10, n2); -+ n0 = load32_le(n1); -+ x00 = n1 + (uint32_t)4U; -+ n10 = load32_le(x00); -+ x0 = n1 + (uint32_t)8U; -+ n2 = load32_le(x0); -+ v1 = vec_load_32x4(c, n0, n10, n2); - st[3U] = v1; - } - - inline static void - Hacl_Impl_Chacha20_Vec128_round(vec *st) - { -- vec sa = st[0U]; -- vec sb0 = st[1U]; -- vec sd0 = st[3U]; -- vec sa10 = vec_add(sa, sb0); -- vec sd10 = vec_rotate_left(vec_xor(sd0, sa10), (uint32_t)16U); -+ vec sa; -+ vec sb0; -+ vec sd0; -+ vec sa10; -+ vec sd10; -+ vec sa0; -+ vec sb1; -+ vec sd2; -+ vec sa11; -+ vec sd11; -+ vec sa2; -+ vec sb2; -+ vec sd3; -+ vec sa12; -+ vec sd12; -+ vec sa3; -+ vec sb; -+ vec sd; -+ vec sa1; -+ vec sd1; -+ -+ sa = st[0U]; -+ sb0 = st[1U]; -+ sd0 = st[3U]; -+ sa10 = vec_add(sa, sb0); -+ sd10 = vec_rotate_left(vec_xor(sd0, sa10), (uint32_t)16U); - st[0U] = sa10; - st[3U] = sd10; -- vec sa0 = st[2U]; -- vec sb1 = st[3U]; -- vec sd2 = st[1U]; -- vec sa11 = vec_add(sa0, sb1); -- vec sd11 = vec_rotate_left(vec_xor(sd2, sa11), (uint32_t)12U); -+ sa0 = st[2U]; -+ sb1 = st[3U]; -+ sd2 = st[1U]; -+ sa11 = vec_add(sa0, sb1); -+ sd11 = vec_rotate_left(vec_xor(sd2, sa11), (uint32_t)12U); - st[2U] = sa11; - st[1U] = sd11; -- vec sa2 = st[0U]; -- vec sb2 = st[1U]; -- vec sd3 = st[3U]; -- vec sa12 = vec_add(sa2, sb2); -- vec sd12 = vec_rotate_left(vec_xor(sd3, sa12), (uint32_t)8U); -+ sa2 = st[0U]; -+ sb2 = st[1U]; -+ sd3 = st[3U]; -+ sa12 = vec_add(sa2, sb2); -+ sd12 = vec_rotate_left(vec_xor(sd3, sa12), (uint32_t)8U); - st[0U] = sa12; - st[3U] = sd12; -- vec sa3 = st[2U]; -- vec sb = st[3U]; -- vec sd = st[1U]; -- vec sa1 = vec_add(sa3, sb); -- vec sd1 = vec_rotate_left(vec_xor(sd, sa1), (uint32_t)7U); -+ sa3 = st[2U]; -+ sb = st[3U]; -+ sd = st[1U]; -+ sa1 = vec_add(sa3, sb); -+ sd1 = vec_rotate_left(vec_xor(sd, sa1), (uint32_t)7U); - st[2U] = sa1; - st[1U] = sd1; - } -@@ -96,17 +126,24 @@ - inline static void - Hacl_Impl_Chacha20_Vec128_double_round(vec *st) - { -+ vec r1; -+ vec r20; -+ vec r30; -+ vec r10; -+ vec r2; -+ vec r3; -+ - Hacl_Impl_Chacha20_Vec128_round(st); -- vec r1 = st[1U]; -- vec r20 = st[2U]; -- vec r30 = st[3U]; -+ r1 = st[1U]; -+ r20 = st[2U]; -+ r30 = st[3U]; - st[1U] = vec_shuffle_right(r1, (uint32_t)1U); - st[2U] = vec_shuffle_right(r20, (uint32_t)2U); - st[3U] = vec_shuffle_right(r30, (uint32_t)3U); - Hacl_Impl_Chacha20_Vec128_round(st); -- vec r10 = st[1U]; -- vec r2 = st[2U]; -- vec r3 = st[3U]; -+ r10 = st[1U]; -+ r2 = st[2U]; -+ r3 = st[3U]; - st[1U] = vec_shuffle_right(r10, (uint32_t)3U); - st[2U] = vec_shuffle_right(r2, (uint32_t)2U); - st[3U] = vec_shuffle_right(r3, (uint32_t)1U); -@@ -153,8 +190,9 @@ - inline static void - Hacl_Impl_Chacha20_Vec128_chacha20_core(vec *k, vec *st) - { -+ uint32_t i; - Hacl_Impl_Chacha20_Vec128_copy_state(k, st); -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) -+ for (i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) - Hacl_Impl_Chacha20_Vec128_double_round(k); - Hacl_Impl_Chacha20_Vec128_sum_states(k, st); - } -@@ -188,8 +226,9 @@ - inline static void - Hacl_Impl_Chacha20_Vec128_chacha20_core3(vec *k0, vec *k1, vec *k2, vec *st) - { -+ uint32_t i; - Hacl_Impl_Chacha20_Vec128_chacha20_incr3(k0, k1, k2, st); -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) -+ for (i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) - Hacl_Impl_Chacha20_Vec128_double_round3(k0, k1, k2); - Hacl_Impl_Chacha20_Vec128_chacha20_sum3(k0, k1, k2, st); - } -@@ -197,9 +236,10 @@ - inline static void - Hacl_Impl_Chacha20_Vec128_chacha20_block(uint8_t *stream_block, vec *st) - { -- KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); - vec k[4U]; -- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) -+ uint32_t _i; -+ KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); -+ for (_i = 0U; _i < (uint32_t)4U; ++_i) - k[_i] = vec_zero(); - Hacl_Impl_Chacha20_Vec128_chacha20_core(k, st); - Hacl_Impl_Chacha20_Vec128_State_state_to_key_block(stream_block, k); -@@ -215,9 +255,11 @@ - Hacl_Impl_Chacha20_Vec128_update_last(uint8_t *output, uint8_t *plain, uint32_t len, vec *st) - { - uint8_t block[64U] = { 0U }; -+ uint8_t *mask; -+ uint32_t i; - Hacl_Impl_Chacha20_Vec128_chacha20_block(block, st); -- uint8_t *mask = block; -- for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { -+ mask = block; -+ for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { - uint8_t xi = plain[i]; - uint8_t yi = mask[i]; - output[i] = xi ^ yi; -@@ -252,9 +294,10 @@ - static void - Hacl_Impl_Chacha20_Vec128_update(uint8_t *output, uint8_t *plain, vec *st) - { -- KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); - vec k[4U]; -- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) -+ uint32_t _i; -+ KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); -+ for (_i = 0U; _i < (uint32_t)4U; ++_i) - k[_i] = vec_zero(); - Hacl_Impl_Chacha20_Vec128_chacha20_core(k, st); - Hacl_Impl_Chacha20_Vec128_xor_block(output, plain, k); -@@ -263,25 +306,32 @@ - static void - Hacl_Impl_Chacha20_Vec128_update3(uint8_t *output, uint8_t *plain, vec *st) - { -- KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); - vec k0[4U]; -- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) -+ uint32_t _i; -+ vec k1[4U]; -+ vec k2[4U]; -+ uint8_t *p0; -+ uint8_t *p1; -+ uint8_t *p2; -+ uint8_t *o0; -+ uint8_t *o1; -+ uint8_t *o2; -+ KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); -+ for (_i = 0U; _i < (uint32_t)4U; ++_i) - k0[_i] = vec_zero(); - KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); -- vec k1[4U]; -- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) -+ for (_i = 0U; _i < (uint32_t)4U; ++_i) - k1[_i] = vec_zero(); - KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); -- vec k2[4U]; -- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) -+ for (_i = 0U; _i < (uint32_t)4U; ++_i) - k2[_i] = vec_zero(); - Hacl_Impl_Chacha20_Vec128_chacha20_core3(k0, k1, k2, st); -- uint8_t *p0 = plain; -- uint8_t *p1 = plain + (uint32_t)64U; -- uint8_t *p2 = plain + (uint32_t)128U; -- uint8_t *o0 = output; -- uint8_t *o1 = output + (uint32_t)64U; -- uint8_t *o2 = output + (uint32_t)128U; -+ p0 = plain; -+ p1 = plain + (uint32_t)64U; -+ p2 = plain + (uint32_t)128U; -+ o0 = output; -+ o1 = output + (uint32_t)64U; -+ o2 = output + (uint32_t)128U; - Hacl_Impl_Chacha20_Vec128_xor_block(o0, p0, k0); - Hacl_Impl_Chacha20_Vec128_xor_block(o1, p1, k1); - Hacl_Impl_Chacha20_Vec128_xor_block(o2, p2, k2); -@@ -308,7 +358,8 @@ - uint32_t len, - vec *st) - { -- for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) -+ uint32_t i; -+ for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) - Hacl_Impl_Chacha20_Vec128_update3_(output, plain, len, st, i); - } - -@@ -368,11 +419,13 @@ - uint8_t *n1, - uint32_t ctr) - { -- KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); - vec buf[4U]; -- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) -+ uint32_t _i; -+ vec *st; -+ KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); -+ for (_i = 0U; _i < (uint32_t)4U; ++_i) - buf[_i] = vec_zero(); -- vec *st = buf; -+ st = buf; - Hacl_Impl_Chacha20_Vec128_init(st, k, n1, ctr); - Hacl_Impl_Chacha20_Vec128_chacha20_counter_mode(output, plain, len, st); - } -diff -ur nss/nss/lib/freebl/verified/Hacl_Curve25519.c nss_new/nss/lib/freebl/verified/Hacl_Curve25519.c ---- a/nss/nss/lib/freebl/verified/Hacl_Curve25519.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/freebl/verified/Hacl_Curve25519.c 2018-09-07 06:13:30.375593700 +0200 -@@ -129,6 +129,7 @@ - Hacl_Bignum_Fmul_shift_reduce(uint64_t *output) - { - uint64_t tmp = output[4U]; -+ uint64_t b0; - { - uint32_t ctr = (uint32_t)5U - (uint32_t)0U - (uint32_t)1U; - uint64_t z = output[ctr - (uint32_t)1U]; -@@ -150,7 +151,7 @@ - output[ctr] = z; - } - output[0U] = tmp; -- uint64_t b0 = output[0U]; -+ b0 = output[0U]; - output[0U] = (uint64_t)19U * b0; - } - -@@ -177,38 +178,43 @@ - Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); - Hacl_Bignum_Fmul_shift_reduce(input); - } -- uint32_t i = (uint32_t)4U; -- uint64_t input2i = input21[i]; -- Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); -+ { -+ uint32_t i = (uint32_t)4U; -+ uint64_t input2i = input21[i]; -+ Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); -+ } - } - - inline static void - Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input21) - { - uint64_t tmp[5U] = { 0U }; -- memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); -- KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); - FStar_UInt128_t t[5U]; -- for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) -+ uint32_t _i; -+ FStar_UInt128_t b4 = t[4U]; -+ FStar_UInt128_t b0 = t[0U]; -+ FStar_UInt128_t b4_; -+ FStar_UInt128_t b0_; -+ uint64_t i0; -+ uint64_t i1; -+ uint64_t i0_; -+ uint64_t i1_; -+ KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); -+ for (_i = 0U; _i < (uint32_t)5U; ++_i) - t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); - Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input21); - Hacl_Bignum_Fproduct_carry_wide_(t); -- FStar_UInt128_t b4 = t[4U]; -- FStar_UInt128_t b0 = t[0U]; -- FStar_UInt128_t -- b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); -- FStar_UInt128_t -- b0_ = -- FStar_UInt128_add(b0, -+ b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); -+ b0_ = FStar_UInt128_add(b0, - FStar_UInt128_mul_wide((uint64_t)19U, - FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U)))); - t[4U] = b4_; - t[0U] = b0_; - Hacl_Bignum_Fproduct_copy_from_wide_(output, t); -- uint64_t i0 = output[0U]; -- uint64_t i1 = output[1U]; -- uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU; -- uint64_t i1_ = i1 + (i0 >> (uint32_t)51U); -+ i0 = output[0U]; -+ i1 = output[1U]; -+ i0_ = i0 & (uint64_t)0x7ffffffffffffU; -+ i1_ = i1 + (i0 >> (uint32_t)51U); - output[0U] = i0_; - output[1U] = i1_; - } -@@ -261,24 +267,27 @@ - inline static void - Hacl_Bignum_Fsquare_fsquare_(FStar_UInt128_t *tmp, uint64_t *output) - { -- Hacl_Bignum_Fsquare_fsquare__(tmp, output); -- Hacl_Bignum_Fproduct_carry_wide_(tmp); - FStar_UInt128_t b4 = tmp[4U]; - FStar_UInt128_t b0 = tmp[0U]; -- FStar_UInt128_t -- b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); -- FStar_UInt128_t -- b0_ = -- FStar_UInt128_add(b0, -+ FStar_UInt128_t b4_; -+ FStar_UInt128_t b0_; -+ uint64_t i0; -+ uint64_t i1; -+ uint64_t i0_; -+ uint64_t i1_; -+ Hacl_Bignum_Fsquare_fsquare__(tmp, output); -+ Hacl_Bignum_Fproduct_carry_wide_(tmp); -+ b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); -+ b0_ = FStar_UInt128_add(b0, - FStar_UInt128_mul_wide((uint64_t)19U, - FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U)))); - tmp[4U] = b4_; - tmp[0U] = b0_; - Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp); -- uint64_t i0 = output[0U]; -- uint64_t i1 = output[1U]; -- uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU; -- uint64_t i1_ = i1 + (i0 >> (uint32_t)51U); -+ i0 = output[0U]; -+ i1 = output[1U]; -+ i0_ = i0 & (uint64_t)0x7ffffffffffffU; -+ i1_ = i1 + (i0 >> (uint32_t)51U); - output[0U] = i0_; - output[1U] = i1_; - } -@@ -286,17 +295,19 @@ - static void - Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *input, FStar_UInt128_t *tmp, uint32_t count1) - { -+ uint32_t i; - Hacl_Bignum_Fsquare_fsquare_(tmp, input); -- for (uint32_t i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U) -+ for (i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U) - Hacl_Bignum_Fsquare_fsquare_(tmp, input); - } - - inline static void - Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1) - { -- KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); - FStar_UInt128_t t[5U]; -- for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) -+ uint32_t _i; -+ KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); -+ for (_i = 0U; _i < (uint32_t)5U; ++_i) - t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); - memcpy(output, input, (uint32_t)5U * sizeof input[0U]); - Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); -@@ -305,9 +316,10 @@ - inline static void - Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1) - { -- KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); - FStar_UInt128_t t[5U]; -- for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) -+ uint32_t _i; -+ KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); -+ for (_i = 0U; _i < (uint32_t)5U; ++_i) - t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); - Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); - } -@@ -319,6 +331,14 @@ - uint64_t *a = buf; - uint64_t *t00 = buf + (uint32_t)5U; - uint64_t *b0 = buf + (uint32_t)10U; -+ uint64_t *t01; -+ uint64_t *b1; -+ uint64_t *c0; -+ uint64_t *a0; -+ uint64_t *t0; -+ uint64_t *b; -+ uint64_t *c; -+ - Hacl_Bignum_Fsquare_fsquare_times(a, z, (uint32_t)1U); - Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)2U); - Hacl_Bignum_Fmul_fmul(b0, t00, z); -@@ -326,9 +346,9 @@ - Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)1U); - Hacl_Bignum_Fmul_fmul(b0, t00, b0); - Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U); -- uint64_t *t01 = buf + (uint32_t)5U; -- uint64_t *b1 = buf + (uint32_t)10U; -- uint64_t *c0 = buf + (uint32_t)15U; -+ t01 = buf + (uint32_t)5U; -+ b1 = buf + (uint32_t)10U; -+ c0 = buf + (uint32_t)15U; - Hacl_Bignum_Fmul_fmul(b1, t01, b1); - Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U); - Hacl_Bignum_Fmul_fmul(c0, t01, b1); -@@ -337,10 +357,10 @@ - Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U); - Hacl_Bignum_Fmul_fmul(b1, t01, b1); - Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U); -- uint64_t *a0 = buf; -- uint64_t *t0 = buf + (uint32_t)5U; -- uint64_t *b = buf + (uint32_t)10U; -- uint64_t *c = buf + (uint32_t)15U; -+ a0 = buf; -+ t0 = buf + (uint32_t)5U; -+ b = buf + (uint32_t)10U; -+ c = buf + (uint32_t)15U; - Hacl_Bignum_Fmul_fmul(c, t0, b); - Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U); - Hacl_Bignum_Fmul_fmul(t0, t0, c); -@@ -384,12 +404,17 @@ - Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b) - { - uint64_t tmp[5U] = { 0U }; -+ uint64_t b0; -+ uint64_t b1; -+ uint64_t b2; -+ uint64_t b3; -+ uint64_t b4; - memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]); -- uint64_t b0 = tmp[0U]; -- uint64_t b1 = tmp[1U]; -- uint64_t b2 = tmp[2U]; -- uint64_t b3 = tmp[3U]; -- uint64_t b4 = tmp[4U]; -+ b0 = tmp[0U]; -+ b1 = tmp[1U]; -+ b2 = tmp[2U]; -+ b3 = tmp[3U]; -+ b4 = tmp[4U]; - tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U; - tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U; - tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U; -@@ -425,9 +450,10 @@ - inline static void - Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s) - { -- KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); - FStar_UInt128_t tmp[5U]; -- for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) -+ uint32_t _i; -+ KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); -+ for (_i = 0U; _i < (uint32_t)5U; ++_i) - tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); - { - uint64_t xi = b[0U]; -@@ -450,6 +476,7 @@ - tmp[4U] = FStar_UInt128_mul_wide(xi, s); - } - Hacl_Bignum_Fproduct_carry_wide_(tmp); -+ { - FStar_UInt128_t b4 = tmp[4U]; - FStar_UInt128_t b0 = tmp[0U]; - FStar_UInt128_t -@@ -462,6 +489,7 @@ - tmp[4U] = b4_; - tmp[0U] = b0_; - Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp); -+ } - } - - inline static void -@@ -493,8 +521,9 @@ - Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr) - { - if (!(ctr == (uint32_t)0U)) { -+ uint32_t i; - Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr); -- uint32_t i = ctr - (uint32_t)1U; -+ i = ctr - (uint32_t)1U; - Hacl_EC_Point_swap_conditional_(a, b, swap1, i); - } - } -@@ -538,6 +567,16 @@ - uint64_t *origxprime = buf + (uint32_t)5U; - uint64_t *xxprime0 = buf + (uint32_t)25U; - uint64_t *zzprime0 = buf + (uint32_t)30U; -+ uint64_t *origxprime0; -+ uint64_t *xx0; -+ uint64_t *zz0; -+ uint64_t *xxprime; -+ uint64_t *zzprime; -+ uint64_t *zzzprime; -+ uint64_t *zzz; -+ uint64_t *xx; -+ uint64_t *zz; -+ uint64_t scalar; - memcpy(origx, x, (uint32_t)5U * sizeof x[0U]); - Hacl_Bignum_fsum(x, z); - Hacl_Bignum_fdifference(z, origx); -@@ -546,12 +585,12 @@ - Hacl_Bignum_fdifference(zprime, origxprime); - Hacl_Bignum_fmul(xxprime0, xprime, z); - Hacl_Bignum_fmul(zzprime0, x, zprime); -- uint64_t *origxprime0 = buf + (uint32_t)5U; -- uint64_t *xx0 = buf + (uint32_t)15U; -- uint64_t *zz0 = buf + (uint32_t)20U; -- uint64_t *xxprime = buf + (uint32_t)25U; -- uint64_t *zzprime = buf + (uint32_t)30U; -- uint64_t *zzzprime = buf + (uint32_t)35U; -+ origxprime0 = buf + (uint32_t)5U; -+ xx0 = buf + (uint32_t)15U; -+ zz0 = buf + (uint32_t)20U; -+ xxprime = buf + (uint32_t)25U; -+ zzprime = buf + (uint32_t)30U; -+ zzzprime = buf + (uint32_t)35U; - memcpy(origxprime0, xxprime, (uint32_t)5U * sizeof xxprime[0U]); - Hacl_Bignum_fsum(xxprime, zzprime); - Hacl_Bignum_fdifference(zzprime, origxprime0); -@@ -560,12 +599,12 @@ - Hacl_Bignum_fmul(z3, zzzprime, qx); - Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U); - Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U); -- uint64_t *zzz = buf + (uint32_t)10U; -- uint64_t *xx = buf + (uint32_t)15U; -- uint64_t *zz = buf + (uint32_t)20U; -+ zzz = buf + (uint32_t)10U; -+ xx = buf + (uint32_t)15U; -+ zz = buf + (uint32_t)20U; - Hacl_Bignum_fmul(x2, xx, zz); - Hacl_Bignum_fdifference(zz, xx); -- uint64_t scalar = (uint64_t)121665U; -+ scalar = (uint64_t)121665U; - Hacl_Bignum_fscalar(zzz, zz, scalar); - Hacl_Bignum_fsum(zzz, xx); - Hacl_Bignum_fmul(z2, zzz, zz); -@@ -581,9 +620,10 @@ - uint8_t byt) - { - uint64_t bit = (uint64_t)(byt >> (uint32_t)7U); -+ uint64_t bit0; - Hacl_EC_Point_swap_conditional(nq, nqpq, bit); - Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q); -- uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U); -+ bit0 = (uint64_t)(byt >> (uint32_t)7U); - Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit0); - } - -@@ -596,8 +636,9 @@ - uint64_t *q, - uint8_t byt) - { -+ uint8_t byt1; - Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt); -- uint8_t byt1 = byt << (uint32_t)1U; -+ byt1 = byt << (uint32_t)1U; - Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1); - } - -@@ -613,8 +654,9 @@ - { - if (!(i == (uint32_t)0U)) { - uint32_t i_ = i - (uint32_t)1U; -+ uint8_t byt_; - Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt); -- uint8_t byt_ = byt << (uint32_t)2U; -+ byt_ = byt << (uint32_t)2U; - Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_); - } - } -@@ -731,12 +773,16 @@ - static void - Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input) - { -+ uint64_t i0; -+ uint64_t i1; -+ uint64_t i0_; -+ uint64_t i1_; - Hacl_EC_Format_fcontract_second_carry_pass(input); - Hacl_Bignum_Modulo_carry_top(input); -- uint64_t i0 = input[0U]; -- uint64_t i1 = input[1U]; -- uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU; -- uint64_t i1_ = i1 + (i0 >> (uint32_t)51U); -+ i0 = input[0U]; -+ i1 = input[1U]; -+ i0_ = i0 & (uint64_t)0x7ffffffffffffU; -+ i1_ = i1 + (i0 >> (uint32_t)51U); - input[0U] = i0_; - input[1U] = i1_; - } -@@ -817,22 +863,32 @@ - uint64_t buf0[10U] = { 0U }; - uint64_t *x0 = buf0; - uint64_t *z = buf0 + (uint32_t)5U; -+ uint64_t *q; -+ uint8_t e[32U] = { 0U }; -+ uint8_t e0; -+ uint8_t e31; -+ uint8_t e01; -+ uint8_t e311; -+ uint8_t e312; -+ uint8_t *scalar; -+ uint64_t buf[15U] = { 0U }; -+ uint64_t *nq; -+ uint64_t *x; -+ - Hacl_EC_Format_fexpand(x0, basepoint); - z[0U] = (uint64_t)1U; -- uint64_t *q = buf0; -- uint8_t e[32U] = { 0U }; -+ q = buf0; - memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]); -- uint8_t e0 = e[0U]; -- uint8_t e31 = e[31U]; -- uint8_t e01 = e0 & (uint8_t)248U; -- uint8_t e311 = e31 & (uint8_t)127U; -- uint8_t e312 = e311 | (uint8_t)64U; -+ e0 = e[0U]; -+ e31 = e[31U]; -+ e01 = e0 & (uint8_t)248U; -+ e311 = e31 & (uint8_t)127U; -+ e312 = e311 | (uint8_t)64U; - e[0U] = e01; - e[31U] = e312; -- uint8_t *scalar = e; -- uint64_t buf[15U] = { 0U }; -- uint64_t *nq = buf; -- uint64_t *x = nq; -+ scalar = e; -+ nq = buf; -+ x = nq; - x[0U] = (uint64_t)1U; - Hacl_EC_Ladder_cmult(nq, scalar, q); - Hacl_EC_Format_scalar_of_point(mypublic, nq); -diff -ur nss/nss/lib/freebl/verified/Hacl_Poly1305_32.c nss_new/nss/lib/freebl/verified/Hacl_Poly1305_32.c ---- a/nss/nss/lib/freebl/verified/Hacl_Poly1305_32.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/freebl/verified/Hacl_Poly1305_32.c 2018-09-14 18:37:50.838682200 +0200 -@@ -47,7 +47,8 @@ - inline static void - Hacl_Bignum_Fproduct_copy_from_wide_(uint32_t *output, uint64_t *input) - { -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { -+ uint32_t i; -+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { - uint64_t xi = input[i]; - output[i] = (uint32_t)xi; - } -@@ -56,7 +57,8 @@ - inline static void - Hacl_Bignum_Fproduct_sum_scalar_multiplication_(uint64_t *output, uint32_t *input, uint32_t s) - { -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { -+ uint32_t i; -+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { - uint64_t xi = output[i]; - uint32_t yi = input[i]; - uint64_t x_wide = (uint64_t)yi; -@@ -68,7 +70,8 @@ - inline static void - Hacl_Bignum_Fproduct_carry_wide_(uint64_t *tmp) - { -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { -+ uint32_t i; -+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { - uint32_t ctr = i; - uint64_t tctr = tmp[ctr]; - uint64_t tctrp1 = tmp[ctr + (uint32_t)1U]; -@@ -82,7 +85,8 @@ - inline static void - Hacl_Bignum_Fproduct_carry_limb_(uint32_t *tmp) - { -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { -+ uint32_t i; -+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { - uint32_t ctr = i; - uint32_t tctr = tmp[ctr]; - uint32_t tctrp1 = tmp[ctr + (uint32_t)1U]; -@@ -97,7 +101,8 @@ - Hacl_Bignum_Fmul_shift_reduce(uint32_t *output) - { - uint32_t tmp = output[4U]; -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { -+ uint32_t i; -+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { - uint32_t ctr = (uint32_t)5U - i - (uint32_t)1U; - uint32_t z = output[ctr - (uint32_t)1U]; - output[ctr] = z; -@@ -109,13 +114,15 @@ - static void - Hacl_Bignum_Fmul_mul_shift_reduce_(uint64_t *output, uint32_t *input, uint32_t *input2) - { -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { -+ uint32_t i; -+ uint32_t input2i; -+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { - uint32_t input2i = input2[i]; - Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); - Hacl_Bignum_Fmul_shift_reduce(input); - } -- uint32_t i = (uint32_t)4U; -- uint32_t input2i = input2[i]; -+ i = (uint32_t)4U; -+ input2i = input2[i]; - Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); - } - -@@ -123,16 +130,20 @@ - Hacl_Bignum_Fmul_fmul(uint32_t *output, uint32_t *input, uint32_t *input2) - { - uint32_t tmp[5U] = { 0U }; -- memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); - uint64_t t[5U] = { 0U }; -+ uint32_t i0; -+ uint32_t i1; -+ uint32_t i0_; -+ uint32_t i1_; -+ memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); - Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); - Hacl_Bignum_Fproduct_carry_wide_(t); - Hacl_Bignum_Modulo_carry_top_wide(t); - Hacl_Bignum_Fproduct_copy_from_wide_(output, t); -- uint32_t i0 = output[0U]; -- uint32_t i1 = output[1U]; -- uint32_t i0_ = i0 & (uint32_t)0x3ffffffU; -- uint32_t i1_ = i1 + (i0 >> (uint32_t)26U); -+ i0 = output[0U]; -+ i1 = output[1U]; -+ i0_ = i0 & (uint32_t)0x3ffffffU; -+ i1_ = i1 + (i0 >> (uint32_t)26U); - output[0U] = i0_; - output[1U] = i1_; - } -@@ -140,7 +151,8 @@ - inline static void - Hacl_Bignum_AddAndMultiply_add_and_multiply(uint32_t *acc, uint32_t *block, uint32_t *r) - { -- for (uint32_t i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { -+ uint32_t i; -+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { - uint32_t xi = acc[i]; - uint32_t yi = block[i]; - acc[i] = xi + yi; -@@ -175,13 +187,15 @@ - uint32_t r2 = i2 >> (uint32_t)4U & (uint32_t)0x3ffffffU; - uint32_t r3 = i3 >> (uint32_t)6U & (uint32_t)0x3ffffffU; - uint32_t r4 = i4 >> (uint32_t)8U; -+ uint32_t b4; -+ uint32_t b4_; - tmp[0U] = r0; - tmp[1U] = r1; - tmp[2U] = r2; - tmp[3U] = r3; - tmp[4U] = r4; -- uint32_t b4 = tmp[4U]; -- uint32_t b4_ = (uint32_t)0x1000000U | b4; -+ b4 = tmp[4U]; -+ b4_ = (uint32_t)0x1000000U | b4; - tmp[4U] = b4_; - Hacl_Bignum_AddAndMultiply_add_and_multiply(acc, tmp, r5); - } -@@ -209,15 +223,19 @@ - uint32_t r2 = i2 >> (uint32_t)4U & (uint32_t)0x3ffffffU; - uint32_t r3 = i3 >> (uint32_t)6U & (uint32_t)0x3ffffffU; - uint32_t r4 = i4 >> (uint32_t)8U; -+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut0; -+ uint32_t *h; -+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut; -+ uint32_t *r = scrut.r; - tmp[0U] = r0; - tmp[1U] = r1; - tmp[2U] = r2; - tmp[3U] = r3; - tmp[4U] = r4; -- Hacl_Impl_Poly1305_32_State_poly1305_state scrut0 = st; -- uint32_t *h = scrut0.h; -- Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; -- uint32_t *r = scrut.r; -+ scrut0 = st; -+ h = scrut0.h; -+ scrut = st; -+ r = scrut.r; - Hacl_Bignum_AddAndMultiply_add_and_multiply(h, tmp, r); - } - -@@ -228,12 +246,15 @@ - uint64_t rem_) - { - uint8_t zero1 = (uint8_t)0U; -- KRML_CHECK_SIZE(zero1, (uint32_t)16U); - uint8_t block[16U]; -- for (uint32_t _i = 0U; _i < (uint32_t)16U; ++_i) -+ uint32_t _i; -+ uint32_t i0; -+ uint32_t i; -+ KRML_CHECK_SIZE(zero1, (uint32_t)16U); -+ for (_i = 0U; _i < (uint32_t)16U; ++_i) - block[_i] = zero1; -- uint32_t i0 = (uint32_t)rem_; -- uint32_t i = (uint32_t)rem_; -+ i0 = (uint32_t)rem_; -+ i = (uint32_t)rem_; - memcpy(block, m, i * sizeof m[0U]); - block[i0] = (uint8_t)1U; - Hacl_Impl_Poly1305_32_poly1305_process_last_block_(block, st, m, rem_); -@@ -242,69 +263,116 @@ - static void - Hacl_Impl_Poly1305_32_poly1305_last_pass(uint32_t *acc) - { -+ uint32_t t0; -+ uint32_t t10; -+ uint32_t t20; -+ uint32_t t30; -+ uint32_t t40; -+ uint32_t t1_; -+ uint32_t mask_261; -+ uint32_t t0_; -+ uint32_t t2_; -+ uint32_t t1__; -+ uint32_t t3_; -+ uint32_t t2__; -+ uint32_t t4_; -+ uint32_t t3__; -+ uint32_t t00; -+ uint32_t t1; -+ uint32_t t2; -+ uint32_t t3; -+ uint32_t t4; -+ uint32_t t1_0; -+ uint32_t t0_0; -+ uint32_t t2_0; -+ uint32_t t1__0; -+ uint32_t t3_0; -+ uint32_t t2__0; -+ uint32_t t4_0; -+ uint32_t t3__0; -+ uint32_t i0; -+ uint32_t i1; -+ uint32_t i0_; -+ uint32_t i1_; -+ uint32_t a0; -+ uint32_t a1; -+ uint32_t a2; -+ uint32_t a3; -+ uint32_t a4; -+ uint32_t mask0; -+ uint32_t mask1; -+ uint32_t mask2; -+ uint32_t mask3; -+ uint32_t mask4; -+ uint32_t mask ; -+ uint32_t a0_; -+ uint32_t a1_; -+ uint32_t a2_; -+ uint32_t a3_; -+ uint32_t a4_; - Hacl_Bignum_Fproduct_carry_limb_(acc); - Hacl_Bignum_Modulo_carry_top(acc); -- uint32_t t0 = acc[0U]; -- uint32_t t10 = acc[1U]; -- uint32_t t20 = acc[2U]; -- uint32_t t30 = acc[3U]; -- uint32_t t40 = acc[4U]; -- uint32_t t1_ = t10 + (t0 >> (uint32_t)26U); -- uint32_t mask_261 = (uint32_t)0x3ffffffU; -- uint32_t t0_ = t0 & mask_261; -- uint32_t t2_ = t20 + (t1_ >> (uint32_t)26U); -- uint32_t t1__ = t1_ & mask_261; -- uint32_t t3_ = t30 + (t2_ >> (uint32_t)26U); -- uint32_t t2__ = t2_ & mask_261; -- uint32_t t4_ = t40 + (t3_ >> (uint32_t)26U); -- uint32_t t3__ = t3_ & mask_261; -+ t0 = acc[0U]; -+ t10 = acc[1U]; -+ t20 = acc[2U]; -+ t30 = acc[3U]; -+ t40 = acc[4U]; -+ t1_ = t10 + (t0 >> (uint32_t)26U); -+ mask_261 = (uint32_t)0x3ffffffU; -+ t0_ = t0 & mask_261; -+ t2_ = t20 + (t1_ >> (uint32_t)26U); -+ t1__ = t1_ & mask_261; -+ t3_ = t30 + (t2_ >> (uint32_t)26U); -+ t2__ = t2_ & mask_261; -+ t4_ = t40 + (t3_ >> (uint32_t)26U); -+ t3__ = t3_ & mask_261; - acc[0U] = t0_; - acc[1U] = t1__; - acc[2U] = t2__; - acc[3U] = t3__; - acc[4U] = t4_; - Hacl_Bignum_Modulo_carry_top(acc); -- uint32_t t00 = acc[0U]; -- uint32_t t1 = acc[1U]; -- uint32_t t2 = acc[2U]; -- uint32_t t3 = acc[3U]; -- uint32_t t4 = acc[4U]; -- uint32_t t1_0 = t1 + (t00 >> (uint32_t)26U); -- uint32_t t0_0 = t00 & (uint32_t)0x3ffffffU; -- uint32_t t2_0 = t2 + (t1_0 >> (uint32_t)26U); -- uint32_t t1__0 = t1_0 & (uint32_t)0x3ffffffU; -- uint32_t t3_0 = t3 + (t2_0 >> (uint32_t)26U); -- uint32_t t2__0 = t2_0 & (uint32_t)0x3ffffffU; -- uint32_t t4_0 = t4 + (t3_0 >> (uint32_t)26U); -- uint32_t t3__0 = t3_0 & (uint32_t)0x3ffffffU; -+ t00 = acc[0U]; -+ t1 = acc[1U]; -+ t2 = acc[2U]; -+ t3 = acc[3U]; -+ t4 = acc[4U]; -+ t1_0 = t1 + (t00 >> (uint32_t)26U); -+ t0_0 = t00 & (uint32_t)0x3ffffffU; -+ t2_0 = t2 + (t1_0 >> (uint32_t)26U); -+ t1__0 = t1_0 & (uint32_t)0x3ffffffU; -+ t3_0 = t3 + (t2_0 >> (uint32_t)26U); -+ t2__0 = t2_0 & (uint32_t)0x3ffffffU; -+ t4_0 = t4 + (t3_0 >> (uint32_t)26U); -+ t3__0 = t3_0 & (uint32_t)0x3ffffffU; - acc[0U] = t0_0; - acc[1U] = t1__0; - acc[2U] = t2__0; - acc[3U] = t3__0; - acc[4U] = t4_0; - Hacl_Bignum_Modulo_carry_top(acc); -- uint32_t i0 = acc[0U]; -- uint32_t i1 = acc[1U]; -- uint32_t i0_ = i0 & (uint32_t)0x3ffffffU; -- uint32_t i1_ = i1 + (i0 >> (uint32_t)26U); -+ i0 = acc[0U]; -+ i1 = acc[1U]; -+ i0_ = i0 & (uint32_t)0x3ffffffU; -+ i1_ = i1 + (i0 >> (uint32_t)26U); - acc[0U] = i0_; - acc[1U] = i1_; -- uint32_t a0 = acc[0U]; -- uint32_t a1 = acc[1U]; -- uint32_t a2 = acc[2U]; -- uint32_t a3 = acc[3U]; -- uint32_t a4 = acc[4U]; -- uint32_t mask0 = FStar_UInt32_gte_mask(a0, (uint32_t)0x3fffffbU); -- uint32_t mask1 = FStar_UInt32_eq_mask(a1, (uint32_t)0x3ffffffU); -- uint32_t mask2 = FStar_UInt32_eq_mask(a2, (uint32_t)0x3ffffffU); -- uint32_t mask3 = FStar_UInt32_eq_mask(a3, (uint32_t)0x3ffffffU); -- uint32_t mask4 = FStar_UInt32_eq_mask(a4, (uint32_t)0x3ffffffU); -- uint32_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4; -- uint32_t a0_ = a0 - ((uint32_t)0x3fffffbU & mask); -- uint32_t a1_ = a1 - ((uint32_t)0x3ffffffU & mask); -- uint32_t a2_ = a2 - ((uint32_t)0x3ffffffU & mask); -- uint32_t a3_ = a3 - ((uint32_t)0x3ffffffU & mask); -- uint32_t a4_ = a4 - ((uint32_t)0x3ffffffU & mask); -+ a0 = acc[0U]; -+ a1 = acc[1U]; -+ a2 = acc[2U]; -+ a3 = acc[3U]; -+ a4 = acc[4U]; -+ mask0 = FStar_UInt32_gte_mask(a0, (uint32_t)0x3fffffbU); -+ mask1 = FStar_UInt32_eq_mask(a1, (uint32_t)0x3ffffffU); -+ mask2 = FStar_UInt32_eq_mask(a2, (uint32_t)0x3ffffffU); -+ mask3 = FStar_UInt32_eq_mask(a3, (uint32_t)0x3ffffffU); -+ mask4 = FStar_UInt32_eq_mask(a4, (uint32_t)0x3ffffffU); -+ mask = (((mask0 & mask1) & mask2) & mask3) & mask4; -+ a0_ = a0 - ((uint32_t)0x3fffffbU & mask); -+ a1_ = a1 - ((uint32_t)0x3ffffffU & mask); -+ a2_ = a2 - ((uint32_t)0x3ffffffU & mask); -+ a3_ = a3 - ((uint32_t)0x3ffffffU & mask); -+ a4_ = a4 - ((uint32_t)0x3ffffffU & mask); - acc[0U] = a0_; - acc[1U] = a1_; - acc[2U] = a2_; -@@ -315,7 +383,8 @@ - static Hacl_Impl_Poly1305_32_State_poly1305_state - Hacl_Impl_Poly1305_32_mk_state(uint32_t *r, uint32_t *h) - { -- return ((Hacl_Impl_Poly1305_32_State_poly1305_state){.r = r, .h = h }); -+ Hacl_Impl_Poly1305_32_State_poly1305_state aState = {r, h }; -+ return aState; - } - - static void -@@ -327,8 +396,9 @@ - if (!(len1 == (uint64_t)0U)) { - uint8_t *block = m; - uint8_t *tail1 = m + (uint32_t)16U; -+ uint64_t len2; - Hacl_Impl_Poly1305_32_poly1305_update(st, block); -- uint64_t len2 = len1 - (uint64_t)1U; -+ len2 = len1 - (uint64_t)1U; - Hacl_Standalone_Poly1305_32_poly1305_blocks(st, tail1, len2); - } - } -@@ -363,14 +433,17 @@ - uint32_t - r4 = - (uint32_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(k_clamped, (uint32_t)104U)) & (uint32_t)0x3ffffffU; -+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut0; -+ uint32_t *h; -+ uint32_t *x00; - x0[0U] = r0; - x0[1U] = r1; - x0[2U] = r2; - x0[3U] = r3; - x0[4U] = r4; -- Hacl_Impl_Poly1305_32_State_poly1305_state scrut0 = st; -- uint32_t *h = scrut0.h; -- uint32_t *x00 = h; -+ scrut0 = st; -+ h = scrut0.h; -+ x00 = h; - x00[0U] = (uint32_t)0U; - x00[1U] = (uint32_t)0U; - x00[2U] = (uint32_t)0U; -@@ -391,12 +464,15 @@ - uint64_t rem16 = len1 & (uint64_t)0xfU; - uint8_t *part_input = m; - uint8_t *last_block = m + (uint32_t)((uint64_t)16U * len16); -+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut; -+ uint32_t *h; -+ uint32_t *acc; - Hacl_Standalone_Poly1305_32_poly1305_partial(st, part_input, len16, kr); - if (!(rem16 == (uint64_t)0U)) - Hacl_Impl_Poly1305_32_poly1305_process_last_block(st, last_block, rem16); -- Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; -- uint32_t *h = scrut.h; -- uint32_t *acc = h; -+ scrut = st; -+ h = scrut.h; -+ acc = h; - Hacl_Impl_Poly1305_32_poly1305_last_pass(acc); - } - -@@ -413,6 +489,7 @@ - Hacl_Impl_Poly1305_32_State_poly1305_state st = Hacl_Impl_Poly1305_32_mk_state(r, h); - uint8_t *key_s = k1 + (uint32_t)16U; - Hacl_Standalone_Poly1305_32_poly1305_complete(st, input, len1, k1); -+ { - Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; - uint32_t *h5 = scrut.h; - uint32_t *acc = h5; -@@ -435,6 +512,7 @@ - FStar_UInt128_uint64_to_uint128((uint64_t)h0))))); - FStar_UInt128_t mac_ = FStar_UInt128_add_mod(acc_, k_); - store128_le(output, mac_); -+ } - } - - static void -@@ -485,14 +563,17 @@ - uint32_t - r4 = - (uint32_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(k_clamped, (uint32_t)104U)) & (uint32_t)0x3ffffffU; -+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut0; -+ uint32_t *h; -+ uint32_t *x00; - x0[0U] = r0; - x0[1U] = r1; - x0[2U] = r2; - x0[3U] = r3; - x0[4U] = r4; -- Hacl_Impl_Poly1305_32_State_poly1305_state scrut0 = st; -- uint32_t *h = scrut0.h; -- uint32_t *x00 = h; -+ scrut0 = st; -+ h = scrut0.h; -+ x00 = h; - x00[0U] = (uint32_t)0U; - x00[1U] = (uint32_t)0U; - x00[2U] = (uint32_t)0U; -@@ -529,11 +610,14 @@ - uint8_t *m, - uint32_t len1) - { -+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut; -+ uint32_t *h; -+ uint32_t *acc; - if (!((uint64_t)len1 == (uint64_t)0U)) - Hacl_Impl_Poly1305_32_poly1305_process_last_block(st, m, (uint64_t)len1); -- Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; -- uint32_t *h = scrut.h; -- uint32_t *acc = h; -+ scrut = st; -+ h = scrut.h; -+ acc = h; - Hacl_Impl_Poly1305_32_poly1305_last_pass(acc); - } - -diff -ur nss/nss/lib/freebl/verified/kremlib.h nss_new/nss/lib/freebl/verified/kremlib.h ---- a/nss/nss/lib/freebl/verified/kremlib.h 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/freebl/verified/kremlib.h 2018-09-07 03:48:09.669539000 +0200 -@@ -592,7 +592,7 @@ - static inline void - print128_(const char *where, uint128_t *n) - { -- KRML_HOST_PRINTF("%s: [0x%08" PRIx64 ",0x%08" PRIx64 "]\n", where, n->high, n->low); -+ // KRML_HOST_PRINTF("%s: [0x%08" PRIx64 ",0x%08" PRIx64 "]\n", where, n->high, n->low); - } - - static inline void -diff -ur nss/nss/lib/freebl/verified/kremlib_base.h nss_new/nss/lib/freebl/verified/kremlib_base.h ---- a/nss/nss/lib/freebl/verified/kremlib_base.h 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/freebl/verified/kremlib_base.h 2018-09-07 03:11:39.712507800 +0200 -@@ -16,9 +16,17 @@ - #ifndef __KREMLIB_BASE_H - #define __KREMLIB_BASE_H - --#include <inttypes.h> -+//#include <inttypes.h> -+#include <stdint.h> - #include <limits.h> --#include <stdbool.h> -+ -+//#include <stdbool.h> -+typedef int bool; -+#define true 1 -+#define false 0 -+ -+#define inline -+ - #include <stdio.h> - #include <stdlib.h> - #include <string.h> -diff -ur nss/nss/lib/pk11wrap/pk11skey.c nss_new/nss/lib/pk11wrap/pk11skey.c ---- a/nss/nss/lib/pk11wrap/pk11skey.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/pk11wrap/pk11skey.c 2018-09-18 11:33:52.253969200 +0200 -@@ -2217,12 +2217,13 @@ - /* old PKCS #11 spec was ambiguous on what needed to be passed, - * try this again with an encoded public key */ - if (crv != CKR_OK) { -+ SECItem *pubValue; - /* For curves that only use X as public value and no encoding we don't - * have to try again. (Currently only Curve25519) */ - if (pk11_ECGetPubkeyEncoding(pubKey) == ECPoint_XOnly) { - goto loser; - } -- SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL, -+ pubValue = SEC_ASN1EncodeItem(NULL, NULL, - &pubKey->u.ec.publicValue, - SEC_ASN1_GET(SEC_OctetStringTemplate)); - if (pubValue == NULL) { -diff -ur nss/nss/lib/pkcs7/p7create.c nss_new/nss/lib/pkcs7/p7create.c ---- a/nss/nss/lib/pkcs7/p7create.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/pkcs7/p7create.c 2018-09-19 13:40:41.437890500 +0200 -@@ -1263,6 +1263,7 @@ - SECAlgorithmID *algid; - SEC_PKCS7EncryptedData *enc_data; + const ssl3MACDef *mac_def; SECStatus rv; -+ SECAlgorithmID *pbe_algid; - - PORT_Assert(SEC_PKCS5IsAlgorithmPBEAlgTag(pbe_algorithm)); - -@@ -1274,7 +1275,6 @@ - enc_data = cinfo->content.encryptedData; - algid = &(enc_data->encContentInfo.contentEncAlg); - -- SECAlgorithmID *pbe_algid; - pbe_algid = PK11_CreatePBEV2AlgorithmID(pbe_algorithm, - cipher_algorithm, - prf_algorithm, -diff -ur nss/nss/lib/softoken/sdb.c nss_new/nss/lib/softoken/sdb.c ---- a/nss/nss/lib/softoken/sdb.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/softoken/sdb.c 2018-09-14 18:47:11.826781200 +0200 -@@ -206,12 +206,13 @@ - sdb_chmod(const char *filename, int pmode) - { - int result; -+ wchar_t *filenameWide; - - if (!filename) { - return -1; - } - -- wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename); -+ filenameWide = _NSSUTIL_UTF8ToWide(filename); - if (!filenameWide) { - return -1; - } -diff -ur nss/nss/lib/ssl/dtls13con.c nss_new/nss/lib/ssl/dtls13con.c ---- a/nss/nss/lib/ssl/dtls13con.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/ssl/dtls13con.c 2018-09-18 12:37:53.795110600 +0200 -@@ -64,7 +64,7 @@ - } DTLSHandshakeRecordEntry; ++ PK11Context *mac_context; - /* Combine the epoch and sequence number into a single value. */ --static inline sslSequenceNumber -+static sslSequenceNumber - dtls_CombineSequenceNumber(DTLSEpoch epoch, sslSequenceNumber seqNum) - { - PORT_Assert(seqNum <= RECORD_SEQ_MAX); -diff -ur nss/nss/lib/ssl/selfencrypt.c nss_new/nss/lib/ssl/selfencrypt.c ---- a/nss/nss/lib/ssl/selfencrypt.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/ssl/selfencrypt.c 2018-09-19 01:42:46.230591100 +0200 -@@ -197,30 +197,35 @@ - sslReadBuffer encodedKeyNameBuffer = { 0 }; - SECStatus rv = sslRead_Read(&reader, SELF_ENCRYPT_KEY_NAME_LEN, - &encodedKeyNameBuffer); -+ sslReadBuffer ivBuffer = { 0 }; -+ PRUint64 cipherTextLen; -+ sslReadBuffer cipherTextBuffer = { 0 }; -+ unsigned int bytesToMac; -+ sslReadBuffer encodedMacBuffer = { 0 }; -+ unsigned char computedMac[SHA256_LENGTH]; -+ unsigned int computedMacLen; -+ - if (rv != SECSuccess) { - return SECFailure; + PRINT_BUF(95, (NULL, "frag hash1: header", header, headerLen)); + PRINT_BUF(95, (NULL, "frag hash1: input", input, inputLength)); +@@ -2271,7 +2272,7 @@ + return SECSuccess; } -- sslReadBuffer ivBuffer = { 0 }; - rv = sslRead_Read(&reader, AES_BLOCK_SIZE, &ivBuffer); - if (rv != SECSuccess) { - return SECFailure; - } - -- PRUint64 cipherTextLen = 0; -+ cipherTextLen = 0; - rv = sslRead_ReadNumber(&reader, 2, &cipherTextLen); - if (rv != SECSuccess) { - return SECFailure; - } - -- sslReadBuffer cipherTextBuffer = { 0 }; - rv = sslRead_Read(&reader, (unsigned int)cipherTextLen, &cipherTextBuffer); - if (rv != SECSuccess) { - return SECFailure; - } -- unsigned int bytesToMac = reader.offset; -+ bytesToMac = reader.offset; - -- sslReadBuffer encodedMacBuffer = { 0 }; - rv = sslRead_Read(&reader, SHA256_LENGTH, &encodedMacBuffer); - if (rv != SECSuccess) { - return SECFailure; -@@ -240,8 +245,7 @@ - } - - /* 2. Check the MAC */ -- unsigned char computedMac[SHA256_LENGTH]; -- unsigned int computedMacLen = 0; -+ computedMacLen = 0; - rv = ssl_MacBuffer(macKey, CKM_SHA256_HMAC, in, bytesToMac, - computedMac, &computedMacLen, sizeof(computedMac)); - if (rv != SECSuccess) { -@@ -254,12 +258,14 @@ - } - - /* 3. OK, it verifies, now decrypt. */ -+ { - SECItem ivItem = { siBuffer, (unsigned char *)ivBuffer.buf, AES_BLOCK_SIZE }; - rv = PK11_Decrypt(encKey, CKM_AES_CBC_PAD, &ivItem, - out, outLen, maxOutLen, cipherTextBuffer.buf, cipherTextLen); - if (rv != SECSuccess) { - return SECFailure; - } -+ } - - return SECSuccess; - } -diff -ur nss/nss/lib/ssl/ssl3con.c nss_new/nss/lib/ssl/ssl3con.c ---- a/nss/nss/lib/ssl/ssl3con.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/ssl/ssl3con.c 2018-09-18 12:54:26.104920200 +0200 -@@ -5563,6 +5563,7 @@ - SECStatus rv = SECFailure; - SECItem enc_pms = { siBuffer, NULL, 0 }; - PRBool isTLS; -+ unsigned int svrPubKeyBits; - - PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); - PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); -@@ -5579,7 +5580,7 @@ - } - - /* Get the wrapped (encrypted) pre-master secret, enc_pms */ -- unsigned int svrPubKeyBits = SECKEY_PublicKeyStrengthInBits(svrPubKey); -+ svrPubKeyBits = SECKEY_PublicKeyStrengthInBits(svrPubKey); - enc_pms.len = (svrPubKeyBits + 7) / 8; - /* Check that the RSA key isn't larger than 8k bit. */ - if (svrPubKeyBits > SSL_MAX_RSA_KEY_BITS) { -@@ -11746,11 +11747,13 @@ - } - - for (i = 0; i < toCheck; i++) { -+ unsigned char mask; -+ unsigned char b; - t = paddingLength - i; - /* If i <= paddingLength then the MSB of t is zero and mask is - * 0xff. Otherwise, mask is 0. */ -- unsigned char mask = DUPLICATE_MSB_TO_ALL(~t); -- unsigned char b = plaintext->buf[plaintext->len - 1 - i]; -+ mask = DUPLICATE_MSB_TO_ALL(~t); -+ b = plaintext->buf[plaintext->len - 1 - i]; - /* The final |paddingLength+1| bytes should all have the value - * |paddingLength|. Therefore the XOR should be zero. */ - good &= ~(mask & (paddingLength ^ b)); -@@ -12292,6 +12295,7 @@ - } - - if (rv != SECSuccess) { -+ int errCode; - ssl_ReleaseSpecReadLock(ss); /***************************/ - - SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd)); -@@ -12322,7 +12326,7 @@ - return SECSuccess; - } - -- int errCode = PORT_GetError(); -+ errCode = PORT_GetError(); - SSL3_SendAlert(ss, alert_fatal, alert); - /* Reset the error code in case SSL3_SendAlert called - * PORT_SetError(). */ -diff -ur nss/nss/lib/ssl/ssl3exthandle.c nss_new/nss/lib/ssl/ssl3exthandle.c ---- a/nss/nss/lib/ssl/ssl3exthandle.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/ssl/ssl3exthandle.c 2018-09-18 14:20:01.612911900 +0200 -@@ -1914,6 +1914,8 @@ - sslBuffer *buf, PRBool *added) - { - PRUint32 maxLimit; -+ PRUint32 limit; -+ SECStatus rv; - if (ss->sec.isServer) { - maxLimit = (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) - ? (MAX_FRAGMENT_LENGTH + 1) -@@ -1923,8 +1925,8 @@ - ? (MAX_FRAGMENT_LENGTH + 1) - : MAX_FRAGMENT_LENGTH; - } -- PRUint32 limit = PR_MIN(ss->opt.recordSizeLimit, maxLimit); -- SECStatus rv = sslBuffer_AppendNumber(buf, limit, 2); -+ limit = PR_MIN(ss->opt.recordSizeLimit, maxLimit); -+ rv = sslBuffer_AppendNumber(buf, limit, 2); - if (rv != SECSuccess) { - return SECFailure; - } -diff -ur nss/nss/lib/ssl/sslbloom.c nss_new/nss/lib/ssl/sslbloom.c ---- a/nss/nss/lib/ssl/sslbloom.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/ssl/sslbloom.c 2018-09-18 13:09:01.900866100 +0200 -@@ -10,7 +10,7 @@ - #include "prnetdb.h" - #include "secport.h" - --static inline unsigned int -+static unsigned int - sslBloom_Size(unsigned int bits) - { - return (bits >= 3) ? (1 << (bits - 3)) : 1; -diff -ur nss/nss/lib/ssl/sslencode.c nss_new/nss/lib/ssl/sslencode.c ---- a/nss/nss/lib/ssl/sslencode.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/ssl/sslencode.c 2018-09-18 13:43:20.673756400 +0200 -@@ -214,6 +214,8 @@ - SECStatus - sslRead_ReadNumber(sslReader *reader, unsigned int bytes, PRUint64 *num) - { -+ unsigned int i; -+ PRUint64 number; - if (!reader || !num) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; -@@ -224,8 +226,7 @@ - PORT_SetError(SEC_ERROR_BAD_DATA); - return SECFailure; - } -- unsigned int i; -- PRUint64 number = 0; -+ number = 0; - for (i = 0; i < bytes; i++) { - number = (number << 8) + reader->buf.buf[i + reader->offset]; - } -diff -ur nss/nss/lib/ssl/sslnonce.c nss_new/nss/lib/ssl/sslnonce.c ---- a/nss/nss/lib/ssl/sslnonce.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/ssl/sslnonce.c 2018-09-18 23:16:11.660366800 +0200 -@@ -439,6 +439,10 @@ - ssl_DecodeResumptionToken(sslSessionID *sid, const PRUint8 *encodedToken, - PRUint32 encodedTokenLen) - { -+ sslReader reader = SSL_READER(encodedToken, encodedTokenLen); -+ sslReadBuffer readerBuffer = { 0 }; -+ PRUint64 tmpInt; -+ - PORT_Assert(encodedTokenLen); - PORT_Assert(encodedToken); - PORT_Assert(sid); -@@ -454,10 +458,8 @@ - } - - /* These variables are used across macros. Don't use them outside. */ -- sslReader reader = SSL_READER(encodedToken, encodedTokenLen); - reader.offset += 1; // We read the version already. Skip the first byte. -- sslReadBuffer readerBuffer = { 0 }; -- PRUint64 tmpInt = 0; -+ tmpInt = 0; - - if (sslRead_ReadNumber(&reader, 8, &tmpInt) != SECSuccess) { - return SECFailure; -@@ -494,9 +496,9 @@ - return SECFailure; - } - if (readerBuffer.len) { -- PORT_Assert(!sid->peerCert); - SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, - readerBuffer.len }; -+ PORT_Assert(!sid->peerCert); - sid->peerCert = CERT_NewTempCertificate(NULL, /* dbHandle */ - &tempItem, - NULL, PR_FALSE, PR_TRUE); -@@ -514,9 +516,11 @@ - if (!sid->peerCertStatus.items) { - return SECFailure; - } -+ { - SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, - readerBuffer.len }; - SECITEM_CopyItem(NULL, &sid->peerCertStatus.items[0], &tempItem); -+ } - } - - if (sslRead_ReadVariable(&reader, 1, &readerBuffer) != SECSuccess) { -@@ -546,11 +550,13 @@ - } - if (readerBuffer.len) { - PORT_Assert(!sid->localCert); -+ { - SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, - readerBuffer.len }; - sid->localCert = CERT_NewTempCertificate(NULL, /* dbHandle */ - &tempItem, - NULL, PR_FALSE, PR_TRUE); -+ } - } - - if (sslRead_ReadNumber(&reader, 8, &sid->addr.pr_s6_addr64[0]) != SECSuccess) { -@@ -706,13 +712,16 @@ - PRBool - ssl_IsResumptionTokenValid(sslSocket *ss) - { -+ sslSessionID *sid; -+ PRTime endTime; -+ NewSessionTicket *ticket; - PORT_Assert(ss); -- sslSessionID *sid = ss->sec.ci.sid; -+ sid = ss->sec.ci.sid; - PORT_Assert(sid); - - // Check that the ticket didn't expire. -- PRTime endTime = 0; -- NewSessionTicket *ticket = &sid->u.ssl3.locked.sessionTicket; -+ endTime = 0; -+ ticket = &sid->u.ssl3.locked.sessionTicket; - if (ticket->ticket_lifetime_hint != 0) { - endTime = ticket->received_timestamp + - (PRTime)(ticket->ticket_lifetime_hint * PR_USEC_PER_SEC); -@@ -746,6 +755,8 @@ - static SECStatus - ssl_EncodeResumptionToken(sslSessionID *sid, sslBuffer *encodedTokenBuf) - { -+ SECStatus rv; -+ PRUint64 len; - PORT_Assert(encodedTokenBuf); - PORT_Assert(sid); - if (!sid || !sid->u.ssl3.locked.sessionTicket.ticket.len || -@@ -760,7 +771,7 @@ - * SECItems are prepended with a 64-bit length field followed by the bytes. - * Optional bytes are encoded as a 0-length item if not present. - */ -- SECStatus rv = sslBuffer_AppendNumber(encodedTokenBuf, -+ rv = sslBuffer_AppendNumber(encodedTokenBuf, - SSLResumptionTokenVersion, 1); - if (rv != SECSuccess) { - return SECFailure; -@@ -843,7 +854,7 @@ - } - } - -- PRUint64 len = sid->peerID ? strlen(sid->peerID) : 0; -+ len = sid->peerID ? strlen(sid->peerID) : 0; - if (len > PR_UINT8_MAX) { - // This string really shouldn't be that long. - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -@@ -1052,8 +1063,10 @@ - void - ssl_CacheExternalToken(sslSocket *ss) - { -+ sslSessionID *sid; -+ sslBuffer encodedToken = SSL_BUFFER_EMPTY; - PORT_Assert(ss); -- sslSessionID *sid = ss->sec.ci.sid; -+ sid = ss->sec.ci.sid; - PORT_Assert(sid); - PORT_Assert(sid->cached == never_cached); - PORT_Assert(ss->resumptionTokenCallback); -@@ -1083,8 +1096,6 @@ - sid->expirationTime = sid->creationTime + ssl3_sid_timeout; - } - -- sslBuffer encodedToken = SSL_BUFFER_EMPTY; -- - if (ssl_EncodeResumptionToken(sid, &encodedToken) != SECSuccess) { - SSL_TRC(3, ("SSL [%d]: encoding resumption token failed", ss->fd)); - return; -@@ -1127,11 +1138,12 @@ - void - ssl_UncacheSessionID(sslSocket *ss) - { -+ sslSecurityInfo *sec; - if (ss->opt.noCache) { - return; - } - -- sslSecurityInfo *sec = &ss->sec; -+ sec = &ss->sec; - PORT_Assert(sec); - - if (sec->ci.sid) { -diff -ur nss/nss/lib/ssl/sslsnce.c nss_new/nss/lib/ssl/sslsnce.c ---- a/nss/nss/lib/ssl/sslsnce.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/ssl/sslsnce.c 2018-09-18 23:29:00.521322700 +0200 -@@ -732,12 +732,12 @@ - void - ssl_ServerCacheSessionID(sslSessionID *sid) - { -- PORT_Assert(sid); -- - sidCacheEntry sce; - PRUint32 now = 0; - cacheDesc *cache = &globalCache; - -+ PORT_Assert(sid); -+ - if (sid->u.ssl3.sessionIDLength == 0) { - return; - } -diff -ur nss/nss/lib/ssl/sslsock.c nss_new/nss/lib/ssl/sslsock.c ---- a/nss/nss/lib/ssl/sslsock.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/ssl/sslsock.c 2018-09-19 00:07:12.192937500 +0200 -@@ -53,36 +53,36 @@ - ** default settings for socket enables - */ - static sslOptions ssl_defaults = { -- .nextProtoNego = { siBuffer, NULL, 0 }, -- .maxEarlyDataSize = 1 << 16, -- .recordSizeLimit = MAX_FRAGMENT_LENGTH + 1, -- .useSecurity = PR_TRUE, -- .useSocks = PR_FALSE, -- .requestCertificate = PR_FALSE, -- .requireCertificate = SSL_REQUIRE_FIRST_HANDSHAKE, -- .handshakeAsClient = PR_FALSE, -- .handshakeAsServer = PR_FALSE, -- .noCache = PR_FALSE, -- .fdx = PR_FALSE, -- .detectRollBack = PR_TRUE, -- .noLocks = PR_FALSE, -- .enableSessionTickets = PR_FALSE, -- .enableDeflate = PR_FALSE, -- .enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN, -- .requireSafeNegotiation = PR_FALSE, -- .enableFalseStart = PR_FALSE, -- .cbcRandomIV = PR_TRUE, -- .enableOCSPStapling = PR_FALSE, -- .enableALPN = PR_TRUE, -- .reuseServerECDHEKey = PR_TRUE, -- .enableFallbackSCSV = PR_FALSE, -- .enableServerDhe = PR_TRUE, -- .enableExtendedMS = PR_FALSE, -- .enableSignedCertTimestamps = PR_FALSE, -- .requireDHENamedGroups = PR_FALSE, -- .enable0RttData = PR_FALSE, -- .enableTls13CompatMode = PR_FALSE, -- .enableDtlsShortHeader = PR_FALSE -+ { siBuffer, NULL, 0 }, -+ MAX_FRAGMENT_LENGTH + 1, -+ 1 << 16, -+ PR_TRUE, -+ PR_FALSE, -+ PR_FALSE, -+ SSL_REQUIRE_FIRST_HANDSHAKE, -+ PR_FALSE, -+ PR_FALSE, -+ PR_FALSE, -+ PR_FALSE, -+ PR_TRUE, -+ PR_FALSE, -+ PR_FALSE, -+ PR_FALSE, -+ SSL_RENEGOTIATE_REQUIRES_XTN, -+ PR_FALSE, -+ PR_FALSE, -+ PR_TRUE, -+ PR_FALSE, -+ PR_TRUE, -+ PR_TRUE, -+ PR_FALSE, -+ PR_TRUE, -+ PR_FALSE, -+ PR_FALSE, -+ PR_FALSE, -+ PR_FALSE, -+ PR_FALSE, -+ PR_FALSE - }; - - /* -@@ -2002,6 +2002,7 @@ - unsigned int length) - { - sslSocket *ss; -+ size_t firstLen; - - ss = ssl_FindSocket(fd); - if (!ss) { -@@ -2020,7 +2021,7 @@ - ssl_GetSSL3HandshakeLock(ss); - SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); - SECITEM_AllocItem(NULL, &ss->opt.nextProtoNego, length); -- size_t firstLen = data[0] + 1; -+ firstLen = data[0] + 1; - /* firstLen <= length is ensured by ssl3_ValidateAppProtocol. */ - PORT_Memcpy(ss->opt.nextProtoNego.data + (length - firstLen), data, firstLen); - PORT_Memcpy(ss->opt.nextProtoNego.data, data + firstLen, length - firstLen); -@@ -4049,6 +4050,7 @@ - unsigned int len) - { - sslSocket *ss = ssl_FindSocket(fd); -+ SECStatus rv; - - if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetResumptionToken", -@@ -4079,7 +4081,7 @@ - } - - /* Populate NewSessionTicket values */ -- SECStatus rv = ssl_DecodeResumptionToken(ss->sec.ci.sid, token, len); -+ rv = ssl_DecodeResumptionToken(ss->sec.ci.sid, token, len); - if (rv != SECSuccess) { - // If decoding fails, we assume the token is bad. - PORT_SetError(SSL_ERROR_BAD_RESUMPTION_TOKEN_ERROR); -@@ -4133,13 +4135,13 @@ - SSLExp_GetResumptionTokenInfo(const PRUint8 *tokenData, unsigned int tokenLen, - SSLResumptionTokenInfo *tokenOut, PRUintn len) - { -+ sslSessionID sid = { 0 }; -+ SSLResumptionTokenInfo token; - if (!tokenData || !tokenOut || !tokenLen || - len > sizeof(SSLResumptionTokenInfo)) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } -- sslSessionID sid = { 0 }; -- SSLResumptionTokenInfo token; - - /* Populate sid values */ - if (ssl_DecodeResumptionToken(&sid, tokenData, tokenLen) != SECSuccess) { -diff -ur nss/nss/lib/ssl/tls13hashstate.c nss_new/nss/lib/ssl/tls13hashstate.c ---- a/nss/nss/lib/ssl/tls13hashstate.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/ssl/tls13hashstate.c 2018-09-19 13:22:23.746451600 +0200 -@@ -102,7 +102,10 @@ - return SECFailure; - } - -+ { - sslReader reader = SSL_READER(plaintext, plaintextLen); -+ sslReadBuffer appTokenReader = { 0 }; -+ unsigned int hashLen; - - /* Should start with 0xff. */ - rv = sslRead_ReadNumber(&reader, 1, &sentinel); -@@ -138,7 +141,6 @@ - return SECFailure; - } - ss->xtnData.applicationToken.len = appTokenLen; -- sslReadBuffer appTokenReader = { 0 }; - rv = sslRead_Read(&reader, appTokenLen, &appTokenReader); - if (rv != SECSuccess) { - FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter); -@@ -148,7 +150,7 @@ - PORT_Memcpy(ss->xtnData.applicationToken.data, appTokenReader.buf, appTokenLen); - - /* The remainder is the hash. */ -- unsigned int hashLen = SSL_READER_REMAINING(&reader); -+ hashLen = SSL_READER_REMAINING(&reader); - if (hashLen != tls13_GetHashSize(ss)) { - FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter); - return SECFailure; -@@ -182,4 +184,5 @@ - *previousCipherSuite = cipherSuite; - *previousGroup = selectedGroup; - return SECSuccess; -+ } - } -diff -ur nss/nss/lib/util/quickder.c nss_new/nss/lib/util/quickder.c ---- a/nss/nss/lib/util/quickder.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/util/quickder.c 2018-09-06 15:30:17.340172300 +0200 -@@ -406,13 +406,14 @@ - const SEC_ASN1Template* templateEntry, - SECItem* src, PLArenaPool* arena, PRBool checkTag) - { -+ void* subdata; - const SEC_ASN1Template* ptrTemplate = - SEC_ASN1GetSubtemplate(templateEntry, dest, PR_FALSE); - if (!ptrTemplate) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } -- void* subdata = PORT_ArenaZAlloc(arena, ptrTemplate->size); -+ subdata = PORT_ArenaZAlloc(arena, ptrTemplate->size); - *(void**)((char*)dest + templateEntry->offset) = subdata; - if (subdata) { - return DecodeItem(subdata, ptrTemplate, src, arena, checkTag); -diff -ur nss/nss/lib/util/secport.c nss_new/nss/lib/util/secport.c ---- a/nss/nss/lib/util/secport.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/util/secport.c 2018-09-06 15:59:21.837141800 +0200 -@@ -150,13 +150,14 @@ - void * - PORT_ZAllocAlignedOffset(size_t size, size_t alignment, size_t offset) - { -+ void *mem = NULL; -+ void *v; - PORT_Assert(offset < size); - if (offset > size) { - return NULL; - } - -- void *mem = NULL; -- void *v = PORT_ZAllocAligned(size, alignment, &mem); -+ v = PORT_ZAllocAligned(size, alignment, &mem); - if (!v) { - return NULL; - } -diff -ur nss/nss/lib/util/utilmod.c nss_new/nss/lib/util/utilmod.c ---- a/nss/nss/lib/util/utilmod.c 2018-06-21 11:24:45.000000000 +0200 -+++ b/nss/nss/lib/util/utilmod.c 2018-09-06 16:12:23.959424800 +0200 -@@ -75,12 +75,13 @@ - os_open(const char *filename, int oflag, int pmode) - { - int fd; -+ wchar_t *filenameWide; - - if (!filename) { - return -1; - } - -- wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename); -+ filenameWide = _NSSUTIL_UTF8ToWide(filename); - if (!filenameWide) { - return -1; - } -@@ -94,12 +95,13 @@ - os_stat(const char *path, os_stat_type *buffer) - { - int result; -+ wchar_t *pathWide; - - if (!path) { - return -1; - } - -- wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path); -+ pathWide = _NSSUTIL_UTF8ToWide(path); - if (!pathWide) { - return -1; - } -@@ -113,16 +115,18 @@ - os_fopen(const char *filename, const char *mode) - { - FILE *fp; -+ wchar_t *filenameWide; -+ wchar_t *modeWide; - - if (!filename || !mode) { - return NULL; - } - -- wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename); -+ filenameWide = _NSSUTIL_UTF8ToWide(filename); - if (!filenameWide) { - return NULL; - } -- wchar_t *modeWide = _NSSUTIL_UTF8ToWide(mode); -+ modeWide = _NSSUTIL_UTF8ToWide(mode); - if (!modeWide) { - PORT_Free(filenameWide); - return NULL; -@@ -138,12 +142,13 @@ - _NSSUTIL_Access(const char *path, PRAccessHow how) - { - int result; -+ int mode; -+ wchar_t *pathWide; - - if (!path) { - return PR_FAILURE; - } - -- int mode; - switch (how) { - case PR_ACCESS_WRITE_OK: - mode = 2; -@@ -158,7 +163,7 @@ - return PR_FAILURE; - } - -- wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path); -+ pathWide = _NSSUTIL_UTF8ToWide(path); - if (!pathWide) { - return PR_FAILURE; - } -@@ -172,12 +177,13 @@ - nssutil_Delete(const char *name) - { - BOOL result; -+ wchar_t *nameWide; - - if (!name) { - return PR_FAILURE; - } - -- wchar_t *nameWide = _NSSUTIL_UTF8ToWide(name); -+ nameWide = _NSSUTIL_UTF8ToWide(name); - if (!nameWide) { - return PR_FAILURE; - } -@@ -191,16 +197,18 @@ - nssutil_Rename(const char *from, const char *to) - { - BOOL result; -+ wchar_t *fromWide; -+ wchar_t *toWide; - - if (!from || !to) { - return PR_FAILURE; - } - -- wchar_t *fromWide = _NSSUTIL_UTF8ToWide(from); -+ fromWide = _NSSUTIL_UTF8ToWide(from); - if (!fromWide) { - return PR_FAILURE; - } -- wchar_t *toWide = _NSSUTIL_UTF8ToWide(to); -+ toWide = _NSSUTIL_UTF8ToWide(to); - if (!toWide) { - PORT_Free(fromWide); - return PR_FAILURE; +- PK11Context *mac_context = ++ mac_context = + (useServerMacKey ? spec->server.write_mac_context + : spec->client.write_mac_context); + rv = PK11_DigestBegin(mac_context); diff --git a/external/nss/nss.patch b/external/nss/nss.patch index 4e54aa287523..4995d165c00c 100644 --- a/external/nss/nss.patch +++ b/external/nss/nss.patch @@ -1,16 +1,5 @@ ---- a/a/nspr/configure 2017-08-29 23:44:13.686045013 +0530 -+++ b/b/nspr/configure 2017-08-29 23:46:53.774768655 +0530 -@@ -7034,7 +7034,7 @@ - PR_MD_CSRCS=linux.c - MKSHLIB='$(CC) $(DSO_LDOPTS) -o $@' - DSO_CFLAGS=-fPIC -- DSO_LDOPTS='-shared -Wl,-soname -Wl,$(notdir $@)' -+ DSO_LDOPTS='-shared -Wl,-z,origin -Wl,-rpath,\$$ORIGIN -Wl,-soname -Wl,$(notdir $@)' - _OPTIMIZE_FLAGS=-O2 - _DEBUG_FLAGS="-g -fno-inline" # most people on linux use gcc/gdb, and that - # combo is not yet good at debugging inlined ---- a/nss.orig/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:44:13.690045031 +0530 -+++ b/nss/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:47:03.810814019 +0530 +--- a/nss.orig/nspr/pr/src/misc/prnetdb.c 2016-02-12 14:51:25.000000000 +0100 ++++ b/nss/nspr/pr/src/misc/prnetdb.c 2016-03-04 19:23:00.462892600 +0100 @@ -438,7 +438,7 @@ char *buf = *bufp; PRIntn buflen = *buflenp; @@ -20,8 +9,21 @@ PRIntn skip = align - ((ptrdiff_t)buf & (align - 1)); if (buflen < skip) { return 0; ---- a/a/nss/cmd/platlibs.mk 2017-08-29 23:44:13.554044416 +0530 -+++ b/b/nss/cmd/platlibs.mk 2017-08-29 23:46:09.638569150 +0530 +diff -ru a/nspr/configure b/nspr/configure +--- a/a/nspr/configure 2014-09-29 16:46:38.427423757 +0100 ++++ b/b/nspr/configure 2014-09-29 16:47:42.984012225 +0100 +@@ -7018,7 +7018,7 @@ + PR_MD_CSRCS=linux.c + MKSHLIB='$(CC) $(DSO_LDOPTS) -o $@' + DSO_CFLAGS=-fPIC +- DSO_LDOPTS='-shared -Wl,-soname -Wl,$(notdir $@)' ++ DSO_LDOPTS='-shared -Wl,-z,origin -Wl,-rpath,\$$ORIGIN -Wl,-soname -Wl,$(notdir $@)' + _OPTIMIZE_FLAGS=-O2 + _DEBUG_FLAGS="-g -fno-inline" # most people on linux use gcc/gdb, and that + # combo is not yet good at debugging inlined +diff -ru a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk +--- a/a/nss/cmd/platlibs.mk 2014-09-29 16:46:38.306422654 +0100 ++++ b/b/nss/cmd/platlibs.mk 2014-09-29 16:47:42.987012253 +0100 @@ -10,17 +10,22 @@ ifeq ($(OS_ARCH), SunOS) @@ -49,9 +51,10 @@ endif endif ---- a/nss.org/nss/coreconf/arch.mk 2017-08-29 23:44:13.646044832 +0530 -+++ b/nss/nss/coreconf/arch.mk 2017-08-29 23:45:51.494487134 +0530 -@@ -305,11 +305,17 @@ +diff -ru nss.orig/nss/coreconf/arch.mk nss/nss/coreconf/arch.mk +--- a/nss.orig/nss/coreconf/arch.mk 2016-02-12 15:36:18.000000000 +0100 ++++ b/nss/nss/coreconf/arch.mk 2016-02-23 20:48:31.595941079 +0100 +@@ -280,11 +280,17 @@ OBJDIR_NAME_COMPILER = $(COMPILER_TAG) endif OBJDIR_NAME_BASE = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(OBJDIR_NAME_COMPILER)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG) @@ -71,8 +74,9 @@ # # Define USE_DEBUG_RTL if you want to use the debug runtime library # (RTL) in the debug build ---- a/nss.org/nss/coreconf/FreeBSD.mk 2017-08-29 23:44:13.642044814 +0530 -+++ b/nss/nss/coreconf/FreeBSD.mk 2017-08-29 23:45:20.850348615 +0530 +diff -ru a/nss/coreconf/FreeBSD.mk b/nss/coreconf/FreeBSD.mk +--- a/a/nss/coreconf/FreeBSD.mk 2014-09-29 16:46:38.189421588 +0100 ++++ b/b/nss/coreconf/FreeBSD.mk 2014-09-29 16:47:42.984012225 +0100 @@ -25,6 +25,7 @@ DSO_CFLAGS = -fPIC @@ -81,22 +85,23 @@ # # The default implementation strategy for FreeBSD is pthreads. ---- a/nss.org/nss/coreconf/Linux.mk 2017-08-29 23:44:13.642044814 +0530 -+++ b/nss/nss/coreconf/Linux.mk 2017-08-29 23:47:26.318915759 +0530 -@@ -147,7 +147,7 @@ - # Also, -z defs conflicts with Address Sanitizer, which emits relocations +diff -ru a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk +--- a/a/nss/coreconf/Linux.mk 2014-09-29 16:46:38.189421588 +0100 ++++ b/b/nss/coreconf/Linux.mk 2014-09-29 16:47:42.985012235 +0100 +@@ -157,7 +160,7 @@ # against the libsanitizer runtime built into the main executable. ZDEFS_FLAG = -Wl,-z,defs + ifneq ($(USE_ASAN),1) -DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -+DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -Wl,-z,origin '-Wl,-rpath,$$ORIGIN' - LDFLAGS += $(ARCHFLAG) -z noexecstack ++DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -Wl,-z,origin '-Wl,-rpath,$$ORIGIN' + endif + LDFLAGS += $(ARCHFLAG) - # On Maemo, we need to use the -rpath-link flag for even the standard system -@@ -177,8 +177,13 @@ +@@ -189,8 +192,13 @@ endif endif -+ifneq ($(SYSTEM_ZLIB),) ++ifeq ($(SYSTEM_ZLIB),YES) +# Currently (3.12.4) only the tools modutil and signtool are linked with libz +# If USE_SYSTEM_ZLIB is not set then the tools link statically libzlib.a which +# is also built in nss. @@ -106,54 +111,46 @@ # The -rpath '$$ORIGIN' linker option instructs this library to search for its # dependencies in the same directory where it resides. ---- a/nss.org/nss/coreconf/rules.mk 2017-08-29 23:44:13.646044832 +0530 -+++ b/nss/nss/coreconf/rules.mk 2017-08-29 23:47:37.442966042 +0530 +diff -ru a/nss/coreconf/rules.mk b/nss/coreconf/rules.mk +--- a/a/nss/coreconf/rules.mk 2014-09-29 16:46:38.188421578 +0100 ++++ b/b/nss/coreconf/rules.mk 2014-09-29 16:47:42.986012244 +0100 @@ -261,7 +261,7 @@ ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) $(AR) $(subst /,\\,$(OBJS)) else - $(AR) $(OBJS) -+ $(AR) -c $@ $(OBJS) ++ $(AR) cr $@ $(OBJS) endif $(RANLIB) $@ ---- a/nss.org/nss/coreconf/SunOS5.mk 2017-08-29 23:44:13.646044832 +0530 -+++ b/nss/nss/coreconf/SunOS5.mk 2017-08-29 23:45:00.902258445 +0530 -@@ -48,8 +48,11 @@ +diff -ru a/nss/coreconf/SunOS5.mk b/nss/coreconf/SunOS5.mk +--- a/a/nss/coreconf/SunOS5.mk 2014-09-29 16:46:38.175421471 +0100 ++++ b/b/nss/coreconf/SunOS5.mk 2014-09-29 16:47:42.985012235 +0100 +@@ -48,8 +48,12 @@ # OPTIMIZER += -mno-omit-leaf-frame-pointer -fno-omit-frame-pointer endif else - CC = cc - CCC = CC -+ # CC is taken from environment automatically. -+ # CC = cc -+ # Use CXX from environment. -+ # CCC = CC -+ CCC = $(CXX) ++# CC is taken from environment automatically. ++# CC = cc ++# Use CXX from environment. ++# CCC = CC ++ CCC = $(CXX) ++ ASFLAGS += -Wa,-P OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG) ifndef BUILD_OPT ---- a/nss.org/nss/coreconf/Werror.mk 2017-08-29 23:44:13.646044832 +0530 -+++ b/nss/nss/coreconf/Werror.mk 2017-08-29 23:44:23.994091608 +0530 -@@ -94,7 +94,8 @@ - endif #ndef NSS_ENABLE_WERROR - - ifeq ($(NSS_ENABLE_WERROR),1) -- WARNING_CFLAGS += -Werror -+ # We do not treat warnings as errors. -+ # WARNING_CFLAGS += -Werror - else - # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. - # Use this to disable use of that #pragma and the warnings it suppresses. ---- a/nss.org/nss/Makefile 2017-08-29 23:44:13.402043729 +0530 -+++ b/nss/nss/Makefile 2017-08-29 23:44:39.774162939 +0530 +diff -ru a/nss/Makefile b/nss/Makefile +--- a/a/nss/Makefile 2014-09-29 16:46:38.171421425 +0100 ++++ b/b/nss/Makefile 2014-09-29 16:47:42.987012253 +0100 @@ -1,3 +1,5 @@ +export AR +export RANLIB #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public -@@ -89,10 +91,10 @@ +@@ -91,10 +91,10 @@ NSPR_CONFIGURE_ENV = CC=gcc CXX=g++ endif ifdef CC @@ -166,3 +163,16 @@ endif # Remove -arch definitions. NSPR can't handle that. NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV)) +diff -ru nss.orig/nss/coreconf/Werror.mk nss/nss/coreconf/Werror.mk +--- a/nss.orig/nss/coreconf/Werror.mk 2016-02-12 15:36:18.000000000 +0100 ++++ b/nss/nss/coreconf/Werror.mk 2016-02-23 23:58:15.119584046 +0100 +@@ -94,7 +94,8 @@ + endif #ndef NSS_ENABLE_WERROR + + ifeq ($(NSS_ENABLE_WERROR),1) +- WARNING_CFLAGS += -Werror ++# We do not treat warnings as errors. ++# WARNING_CFLAGS += -Werror + else + # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. + # Use this to disable use of that #pragma and the warnings it suppresses. diff --git a/external/nss/nss.windowbuild.patch.0 b/external/nss/nss.windowbuild.patch.0 new file mode 100644 index 000000000000..c25ff4d6437b --- /dev/null +++ b/external/nss/nss.windowbuild.patch.0 @@ -0,0 +1,55 @@ +--- ./nss/gtests/ssl_gtest/tls_connect.cc ++++ ./nss/gtests/ssl_gtest/tls_connect.cc +@@ -375,6 +375,12 @@ + } + } + ++// A simple value of "a", "b". Note that the preferred value of "a" is placed ++// at the end, because the NSS API follows the now defunct NPN specification, ++// which places the preferred (and default) entry at the end of the list. ++// NSS will move this final entry to the front when used with ALPN. ++const uint8_t alpn_dummy_val_[4] = { 0x01, 0x62, 0x01, 0x61 }; ++ + void TlsConnectTestBase::EnableAlpn() { + client_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_)); + server_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_)); +--- ./nss/gtests/ssl_gtest/tls_connect.h ++++ ./nss/gtests/ssl_gtest/tls_connect.h ... etc. - the rest is truncated _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits