Update NSS to 3.21 RTM and NSPR to 4.11 RTM

nss/lib/freebl/drbg.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
 
 #include "prerror.h"
 #include "secerr.h"
 
 #include "prtypes.h"
 #include "prinit.h"
 #include "blapi.h"
 #include "blapii.h"
 #include "nssilock.h"
 #include "secitem.h"
 #include "sha_fast.h"
 #include "sha256.h"
 #include "secrng.h"     /* for RNG_SystemRNG() */
 #include "secmpi.h"
 
 /* PRNG_SEEDLEN defined in NIST SP 800-90 section 10.1 
  * for SHA-1, SHA-224, and SHA-256 it's 440 bits.
  * for SHA-384 and SHA-512 it's 888 bits */
 #define PRNG_SEEDLEN      (440/PR_BITS_PER_BYTE)
-static const PRInt64 PRNG_MAX_ADDITIONAL_BYTES = LL_INIT(0x1, 0x0);
+#define PRNG_MAX_ADDITIONAL_BYTES PR_INT64(0x100000000)
                                                 /* 2^35 bits or 2^32 bytes */
 #define PRNG_MAX_REQUEST_SIZE 0x10000           /* 2^19 bits or 2^16 bytes */
 #define PRNG_ADDITONAL_DATA_CACHE_SIZE (8*1024) /* must be less than
                                                  *  PRNG_MAX_ADDITIONAL_BYTES
                                                  */
 
 /* RESEED_COUNT is how many calls to the prng before we need to reseed 
  * under normal NIST rules, you must return an error. In the NSS case, we
  * self-reseed with RNG_SystemRNG(). Count can be a large number. For code
  * simplicity, we specify count with 2 components: RESEED_BYTE (which is 
@@ skipping 202 matching lines @@
         rng->isValid = PR_FALSE;
         return SECFailure;
     }
     return prng_reseed(rng, entropy, entropy_len, 
                                 additional_input, additional_input_len);
 }
 
 /*
  * build some fast inline functions for adding.
  */
-#define PRNG_ADD_CARRY_ONLY(dest, start, cy) \
-   carry = cy; \
-   for (k1=start; carry && k1 >=0 ; k1--) { \
-        carry = !(++dest[k1]); \
-   } 
+#define PRNG_ADD_CARRY_ONLY(dest, start, carry) \
+    { \
+        int k1; \
+        for (k1 = start; carry && k1 >= 0; k1--) { \
+            carry = !(++dest[k1]); \
+        } \
+    }
 
 /*
  * NOTE: dest must be an array for the following to work.
  */
-#define PRNG_ADD_BITS(dest, dest_len, add, len) \
+#define PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
     carry = 0; \
-    for (k1=dest_len -1, k2=len-1; k2 >= 0; --k1, --k2) { \
-        carry += dest[k1]+ add[k2]; \
-        dest[k1] = (PRUint8) carry; \
-        carry >>= 8; \
+    PORT_Assert((dest_len) >= (len)); \
+    { \
+        int k1, k2; \
+        for (k1 = dest_len - 1, k2 = len - 1; k2 >= 0; --k1, --k2) { \
+            carry += dest[k1] + add[k2]; \
+            dest[k1] = (PRUint8) carry; \
+            carry >>= 8; \
+        } \
     }
 
-#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len) \
-    PRNG_ADD_BITS(dest, dest_len, add, len) \
-    PRNG_ADD_CARRY_ONLY(dest, k1, carry)
+#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \
+    PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
+    PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry)
 
 /*
  * This function expands the internal state of the prng to fulfill any number
  * of bytes we need for this request. We only use this call if we need more
  * than can be supplied by a single call to SHA256_HashBuf. 
  *
  * This function is specified in NIST SP 800-90 section 10.1.1.4, Hashgen
  */
 static void
 prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, 
              unsigned int no_of_returned_bytes)
 {
     PRUint8 data[VSize(rng)];
 
     PORT_Memcpy(data, V(rng), VSize(rng));
     while (no_of_returned_bytes) {
         SHA256Context ctx;
         unsigned int len;
         unsigned int carry;
-        int k1;
 
         SHA256_Begin(&ctx);
         SHA256_Update(&ctx, data, sizeof data);
         SHA256_End(&ctx, returned_bytes, &len, no_of_returned_bytes);
         returned_bytes += len;
         no_of_returned_bytes -= len;
         /* The carry parameter is a bool (increment or not). 
          * This increments data if no_of_returned_bytes is not zero */
-        PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, no_of_returned_bytes);
+        carry = no_of_returned_bytes;
+        PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry);
     }
     PORT_Memset(data, 0, sizeof data); 
 }
 
 /* 
  * Generates new random bytes and advances the internal prng state.     
  * additional bytes are only used in algorithm testing.
  * 
  * This function is specified in NIST SP 800-90 section 10.1.1.4
  */
 static SECStatus
 prng_generateNewBytes(RNGContext *rng, 
                 PRUint8 *returned_bytes, unsigned int no_of_returned_bytes,
                 const PRUint8 *additional_input,
                 unsigned int additional_input_len)
 {
     PRUint8 H[SHA256_LENGTH]; /* both H and w since they 
                                * aren't used concurrently */
     unsigned int carry;
-    int k1, k2;
 
     if (!rng->isValid) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
     /* This code only triggers during tests, normal
      * prng operation does not use additional_input */
     if (additional_input){
         SHA256Context ctx;
         /* NIST SP 800-90 defines two temporaries in their calculations,
          * w and H. These temporaries are the same lengths, and used
          * at different times, so we use the following macro to collapse
          * them to the same variable, but keeping their unique names for
          * easy comparison to the spec */
 #define w H
         rng->V_type = prngAdditionalDataType;
         SHA256_Begin(&ctx);
         SHA256_Update(&ctx, rng->V_Data, sizeof rng->V_Data);
         SHA256_Update(&ctx, additional_input, additional_input_len);
         SHA256_End(&ctx, w, NULL, sizeof w);
-        PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w)
+        PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w, carry)
         PORT_Memset(w, 0, sizeof w);
 #undef w 
     }
 
     if (no_of_returned_bytes == SHA256_LENGTH) {
         /* short_cut to hashbuf and save a copy and a clear */
         SHA256_HashBuf(returned_bytes, V(rng), VSize(rng) );
     } else {
         prng_Hashgen(rng, returned_bytes, no_of_returned_bytes);
     }
     /* advance our internal state... */
     rng->V_type = prngGenerateByteType;
     SHA256_HashBuf(H, rng->V_Data, sizeof rng->V_Data);
-    PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H)
-    PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C);
+    PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H, carry)
+    PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C, carry);
     PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), rng->reseed_counter, 
-                                        sizeof rng->reseed_counter)
-    PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, 1);
+                                        sizeof rng->reseed_counter, carry)
+    carry = 1;
+    PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, carry);
 
     /* continuous rng check */
     if (memcmp(V(rng), rng->oldV, sizeof rng->oldV) == 0) {
         rng->isValid = PR_FALSE;
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
     PORT_Memcpy(rng->oldV, V(rng), sizeof rng->oldV);
     return SECSuccess;
 }
@@ skipping 135 matching lines @@
      *   sizeof(size_t) to be greater than 4, but it wasn't. Setting 
      *   NS_PTR_LE_32 will correct that mistake.
      *
      * if 'sizeof(size_t) <= 4' is triggered, it means that we were expecting
      *   sizeof(size_t) to be less than or equal to 4, but it wasn't. Setting 
      *   NS_PTR_GT_32 will correct that mistake.
      */
 
     PR_STATIC_ASSERT(sizeof(size_t) > 4);
 
-    if (bytes > PRNG_MAX_ADDITIONAL_BYTES) {
+    if (bytes > (size_t)PRNG_MAX_ADDITIONAL_BYTES) {
         bytes = PRNG_MAX_ADDITIONAL_BYTES;
     }
 #else
     PR_STATIC_ASSERT(sizeof(size_t) <= 4);
 #endif
 
     PZ_Lock(globalrng->lock);
     /* if we're passed more than our additionalDataCache, simply
      * call reseed with that data */
     if (bytes > sizeof (globalrng->additionalDataCache)) {
@@ skipping 381 matching lines @@
    if (rng_status == SECSuccess) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
    }
    if (PORT_GetError() != SEC_ERROR_LIBRARY_FAILURE) {
         return rng_status;
    }
   
    return SECSuccess;
 }