Index: net/third_party/nss/ssl/sslcon.c |
diff --git a/net/third_party/nss/ssl/sslcon.c b/net/third_party/nss/ssl/sslcon.c |
index 8c5a5ad3deaeb550801e51b5363f6b22055159f8..ccd00260ec2ef853069c5da46df496177bebedf7 100644 |
--- a/net/third_party/nss/ssl/sslcon.c |
+++ b/net/third_party/nss/ssl/sslcon.c |
@@ -22,20 +22,6 @@ |
static PRBool policyWasSet; |
-/* This ordered list is indexed by (SSL_CK_xx * 3) */ |
-/* Second and third bytes are MSB and LSB of master key length. */ |
-static const PRUint8 allCipherSuites[] = { |
- 0, 0, 0, |
- SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80, |
- SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80, |
- SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80, |
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80, |
- SSL_CK_IDEA_128_CBC_WITH_MD5, 0x00, 0x80, |
- SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40, |
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0, |
- 0, 0, 0 |
-}; |
- |
#define ssl2_NUM_SUITES_IMPLEMENTED 6 |
/* This list is sent back to the client when the client-hello message |
@@ -851,7 +837,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) |
{ |
PRUint8 * out; |
int rv; |
- int amount; |
+ unsigned int amount; |
int count = 0; |
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
@@ -927,7 +913,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) |
int amount; |
PRUint8 macLen; |
int nout; |
- int buflen; |
+ unsigned int buflen; |
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
@@ -1031,7 +1017,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) |
int amount; /* of plaintext to go in record. */ |
unsigned int padding; /* add this many padding byte. */ |
int nout; /* ciphertext size after header. */ |
- int buflen; /* size of generated record. */ |
+ unsigned int buflen; /* size of generated record. */ |
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
@@ -1555,7 +1541,7 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, |
unsigned int ddLen; /* length of RSA decrypted data in kbuf */ |
unsigned int keySize; |
unsigned int dkLen; /* decrypted key length in bytes */ |
- int modulusLen; |
+ int modulusLen; |
SECStatus rv; |
PRUint16 allowed; /* cipher kinds enabled and allowed by policy */ |
PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES]; |
@@ -1617,11 +1603,11 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, |
} |
modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY); |
- if (modulusLen == -1) { |
+ if (modulusLen < 0) { |
/* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */ |
modulusLen = ekLen; |
} |
- if (ekLen > modulusLen || ekLen + ckLen < keySize) { |
+ if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) { |
SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!", |
SSL_GETPID(), ss->fd, ekLen)); |
PORT_SetError(SSL_ERROR_BAD_CLIENT); |
@@ -2495,7 +2481,6 @@ ssl2_HandleMessage(sslSocket *ss) |
PRUint8 * cid; |
unsigned len, certType, certLen, responseLen; |
int rv; |
- int rv2; |
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); |
@@ -2613,7 +2598,7 @@ ssl2_HandleMessage(sslSocket *ss) |
data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen, |
responseLen); |
if (rv) { |
- rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); |
+ (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); |
SET_ERROR_CODE |
goto loser; |
} |
@@ -2741,7 +2726,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss) |
PRUint8 * cs; |
PRUint8 * data; |
SECStatus rv; |
- int needed, sidHit, certLen, csLen, cidLen, certType, err; |
+ unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err; |
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); |
@@ -3669,12 +3654,14 @@ loser: |
*/ |
#include "nss.h" |
-extern const char __nss_ssl_rcsid[]; |
-extern const char __nss_ssl_sccsid[]; |
+extern const char __nss_ssl_version[]; |
PRBool |
NSSSSL_VersionCheck(const char *importedVersion) |
{ |
+#define NSS_VERSION_VARIABLE __nss_ssl_version |
+#include "verref.h" |
+ |
/* |
* This is the secret handshake algorithm. |
* |
@@ -3684,9 +3671,6 @@ NSSSSL_VersionCheck(const char *importedVersion) |
* not compatible with future major, minor, or |
* patch releases. |
*/ |
- volatile char c; /* force a reference that won't get optimized away */ |
- |
- c = __nss_ssl_rcsid[0] + __nss_ssl_sccsid[0]; |
return NSS_VersionCheck(importedVersion); |
} |