1--- misc/nss-3.39/nss/cmd/signtool/sign.c 2016-06-20 14:11:28.000000000 -0300 2+++ misc/build/nss-3.39/nss/cmd/signtool/sign.c 2019-11-01 13:32:56.496828470 -0300 3@@ -8,6 +8,10 @@ 4 #include "blapi.h" 5 #include "sechash.h" /* for HASH_GetHashObject() */ 6 7+#if defined(_MSC_VER) && _MSC_VER < 1900 8+#define snprintf _snprintf 9+#endif 10+ 11 static int create_pk7(char *dir, char *keyName, int *keyType); 12 static int jar_find_key_type(CERTCertificate *cert); 13 static int manifesto(char *dirname, char *install_script, PRBool recurse); 14diff -ur misc/nss-3.39/nss/cmd/Makefile misc/build/nss-3.39/nss/cmd/Makefile 15--- misc/nss-3.39/nss/cmd/Makefile 2018-08-31 05:55:53.000000000 -0700 16+++ misc/build/nss-3.39/nss/cmd/Makefile 2018-10-22 14:53:30.297923000 -0700 17@@ -21,7 +21,8 @@ 18 FIPSTEST_SRCDIR = 19 SHLIBSIGN_SRCDIR = 20 else 21-BLTEST_SRCDIR = bltest 22+# BLTEST_SRCDIR = bltest 23+BLTEST_SRCDIR = 24 ECPERF_SRCDIR = ecperf 25 FREEBL_ECTEST_SRCDIR = fbectest 26 FIPSTEST_SRCDIR = fipstest 27diff -ur misc/nss-3.39/nss/cmd/lib/secutil.c misc/build/nss-3.39/nss/cmd/lib/secutil.c 28--- misc/nss-3.39/nss/cmd/lib/secutil.c 2018-08-31 05:55:53.000000000 -0700 29+++ misc/build/nss-3.39/nss/cmd/lib/secutil.c 2018-10-22 10:44:05.694582000 -0700 30@@ -217,6 +217,7 @@ 31 secuPWData *pwdata = (secuPWData *)arg; 32 secuPWData pwnull = { PW_NONE, 0 }; 33 secuPWData pwxtrn = { PW_EXTERNAL, "external" }; 34+ char *pw; 35 36 if (pwdata == NULL) 37 pwdata = &pwnull; 38@@ -240,7 +241,7 @@ 39 sprintf(prompt, 40 "Press Enter, then enter PIN for \"%s\" on external device.\n", 41 PK11_GetTokenName(slot)); 42- char *pw = SECU_GetPasswordString(NULL, prompt); 43+ pw = SECU_GetPasswordString(NULL, prompt); 44 PORT_Free(pw); 45 /* Fall Through */ 46 case PW_PLAINTEXT: 47@@ -3841,10 +3842,11 @@ 48 countItems(const char *arg, unsigned int *numItems) 49 { 50 char *str = PORT_Strdup(arg); 51+ char *p; 52 if (!str) { 53 return SECFailure; 54 } 55- char *p = strtok(str, ","); 56+ p = strtok(str, ","); 57 while (p) { 58 ++(*numItems); 59 p = strtok(NULL, ","); 60@@ -3943,6 +3945,8 @@ 61 SSLSignatureScheme *schemes; 62 unsigned int numValues = 0; 63 unsigned int count = 0; 64+ char *str; 65+ char *p; 66 67 if (countItems(arg, &numValues) != SECSuccess) { 68 return SECFailure; 69@@ -3953,11 +3957,11 @@ 70 } 71 72 /* Get group names. */ 73- char *str = PORT_Strdup(arg); 74+ str = PORT_Strdup(arg); 75 if (!str) { 76 goto done; 77 } 78- char *p = strtok(str, ","); 79+ p = strtok(str, ","); 80 while (p) { 81 SSLSignatureScheme scheme = schemeNameToScheme(p); 82 if (scheme == ssl_sig_none) { 83diff -ur misc/nss-3.39/nss/cmd/signtool/javascript.c misc/build/nss-3.39/nss/cmd/signtool/javascript.c 84--- misc/nss-3.39/nss/cmd/signtool/javascript.c 2018-08-31 05:55:53.000000000 -0700 85+++ misc/build/nss-3.39/nss/cmd/signtool/javascript.c 2018-10-22 15:02:16.878938000 -0700 86@@ -1672,7 +1672,7 @@ 87 { 88 char fn[FNSIZE]; 89 PRDir *dir; 90- int c = snprintf(fn, sizeof(fn), "%s/%s", basepath, path); 91+ int c = PR_snprintf(fn, sizeof(fn), "%s/%s", basepath, path); 92 if (c >= sizeof(fn)) { 93 return PR_FAILURE; 94 } 95diff -ur misc/nss-3.39/nss/cmd/signtool/sign.c misc/build/nss-3.39/nss/cmd/signtool/sign.c 96--- misc/nss-3.39/nss/cmd/signtool/sign.c 2018-08-31 05:55:53.000000000 -0700 97+++ misc/build/nss-3.39/nss/cmd/signtool/sign.c 2018-10-22 15:01:53.353243000 -0700 98@@ -82,13 +82,13 @@ 99 } 100 101 /* rsa/dsa to zip */ 102- count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); 103+ count = PR_snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); 104 if (count >= sizeof(tempfn)) { 105 PR_fprintf(errorFD, "unable to write key metadata\n"); 106 errorCount++; 107 exit(ERRX); 108 } 109- count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); 110+ count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); 111 if (count >= sizeof(fullfn)) { 112 PR_fprintf(errorFD, "unable to write key metadata\n"); 113 errorCount++; 114@@ -103,7 +103,7 @@ 115 } 116 /* mf to zip */ 117 strcpy(tempfn, "META-INF/manifest.mf"); 118- count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); 119+ count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); 120 if (count >= sizeof(fullfn)) { 121 PR_fprintf(errorFD, "unable to write manifest\n"); 122 errorCount++; 123@@ -112,13 +112,13 @@ 124 JzipAdd(fullfn, tempfn, zipfile, compression_level); 125 126 /* sf to zip */ 127- count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base); 128+ count = PR_snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base); 129 if (count >= sizeof(tempfn)) { 130 PR_fprintf(errorFD, "unable to write sf metadata\n"); 131 errorCount++; 132 exit(ERRX); 133 } 134- count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); 135+ count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); 136 if (count >= sizeof(fullfn)) { 137 PR_fprintf(errorFD, "unable to write sf metadata\n"); 138 errorCount++; 139@@ -129,13 +129,13 @@ 140 /* Add the rsa/dsa file to the zip archive normally */ 141 if (!xpi_arc) { 142 /* rsa/dsa to zip */ 143- count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); 144+ count = PR_snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); 145 if (count >= sizeof(tempfn)) { 146 PR_fprintf(errorFD, "unable to write key metadata\n"); 147 errorCount++; 148 exit(ERRX); 149 } 150- count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); 151+ count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); 152 if (count >= sizeof(fullfn)) { 153 PR_fprintf(errorFD, "unable to write key metadata\n"); 154 errorCount++; 155@@ -456,7 +456,7 @@ 156 if (!PL_HashTableLookup(extensions, ext)) 157 return 0; 158 } 159- count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath); 160+ count = PR_snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath); 161 if (count >= sizeof(fullname)) { 162 return 1; 163 } 164diff -ur misc/nss-3.39/nss/gtests/freebl_gtest/kat/blake2b_kat.h misc/build/nss-3.39/nss/gtests/freebl_gtest/kat/blake2b_kat.h 165--- misc/nss-3.39/nss/gtests/freebl_gtest/kat/blake2b_kat.h 2018-08-31 05:55:53.000000000 -0700 166+++ misc/build/nss-3.39/nss/gtests/freebl_gtest/kat/blake2b_kat.h 2018-10-21 01:47:24.131348000 -0700 167@@ -5,7 +5,23 @@ 168 /* https://github.com/BLAKE2/BLAKE2/blob/master/testvectors/blake2b-kat.txt */ 169 170 #include <vector> 171-#include <stdint.h> 172+#if defined(_MSC_VER) && _MSC_VER < 1600 173+ #ifdef _WIN64 174+typedef unsigned __int64 uintptr_t; 175+ #else 176+typedef unsigned int uintptr_t; 177+ #endif 178+typedef unsigned char uint8_t; 179+typedef unsigned short uint16_t; 180+typedef unsigned int uint32_t; 181+typedef unsigned __int64 uint64_t; 182+#define UINT8_MAX 0xff 183+#define UINT16_MAX 0xffff 184+#define UINT32_MAX 0xffffffffu 185+#define UINT64_MAX 0xffffffffffffffffU 186+#else 187+ #include <stdint.h> 188+#endif 189 190 const std::vector<uint8_t> kat_key = { 191 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 192@@ -4643,4 +4659,4 @@ 193 0x10, 0x70, 0xfa, 0xa0, 0x37, 0x2a, 0xa4, 0x3e, 0x92, 0x48, 0x4b, 194 0xe1, 0xc1, 0xe7, 0x3b, 0xa1, 0x09, 0x06, 0xd5, 0xd1, 0x85, 0x3d, 195 0xb6, 0xa4, 0x10, 0x6e, 0x0a, 0x7b, 0xf9, 0x80, 0x0d, 0x37, 0x3d, 196- 0x6d, 0xee, 0x2d, 0x46, 0xd6, 0x2e, 0xf2, 0xa4, 0x61}))}; 197\ No newline at end of file 198+ 0x6d, 0xee, 0x2d, 0x46, 0xd6, 0x2e, 0xf2, 0xa4, 0x61}))}; 199diff -ur misc/nss-3.39/nss/gtests/ssl_gtest/libssl_internals.h misc/build/nss-3.39/nss/gtests/ssl_gtest/libssl_internals.h 200--- misc/nss-3.39/nss/gtests/ssl_gtest/libssl_internals.h 2018-08-31 05:55:53.000000000 -0700 201+++ misc/build/nss-3.39/nss/gtests/ssl_gtest/libssl_internals.h 2018-10-21 01:47:16.342484000 -0700 202@@ -7,7 +7,23 @@ 203 #ifndef libssl_internals_h_ 204 #define libssl_internals_h_ 205 206-#include <stdint.h> 207+#if defined(_MSC_VER) && _MSC_VER < 1600 208+ #ifdef _WIN64 209+typedef unsigned __int64 uintptr_t; 210+ #else 211+typedef unsigned int uintptr_t; 212+ #endif 213+typedef unsigned char uint8_t; 214+typedef unsigned short uint16_t; 215+typedef unsigned int uint32_t; 216+typedef unsigned __int64 uint64_t; 217+#define UINT8_MAX 0xff 218+#define UINT16_MAX 0xffff 219+#define UINT32_MAX 0xffffffffu 220+#define UINT64_MAX 0xffffffffffffffffU 221+#else 222+ #include <stdint.h> 223+#endif 224 225 #include "prio.h" 226 #include "seccomon.h" 227diff -ur misc/nss-3.39/nss/lib/freebl/blake2b.c misc/build/nss-3.39/nss/lib/freebl/blake2b.c 228--- misc/nss-3.39/nss/lib/freebl/blake2b.c 2018-08-31 05:55:53.000000000 -0700 229+++ misc/build/nss-3.39/nss/lib/freebl/blake2b.c 2018-10-21 15:08:03.065644000 -0700 230@@ -147,6 +147,7 @@ 231 blake2b_Begin(BLAKE2BContext* ctx, uint8_t outlen, const uint8_t* key, 232 size_t keylen) 233 { 234+ uint64_t param; 235 PORT_Assert(ctx != NULL); 236 if (!ctx) { 237 goto failure; 238@@ -164,7 +165,7 @@ 239 } 240 241 /* Mix key size(keylen) and desired hash length(outlen) into h0 */ 242- uint64_t param = outlen ^ (keylen << 8) ^ (1 << 16) ^ (1 << 24); 243+ param = outlen ^ (keylen << 8) ^ (1 << 16) ^ (1 << 24); 244 PORT_Memcpy(ctx->h, iv, 8 * 8); 245 ctx->h[0] ^= param; 246 ctx->outlen = outlen; 247@@ -402,12 +403,13 @@ 248 BLAKE2BContext* 249 BLAKE2B_Resurrect(unsigned char* space, void* arg) 250 { 251+ BLAKE2BContext* ctx; 252 PORT_Assert(space != NULL); 253 if (!space) { 254 PORT_SetError(SEC_ERROR_INVALID_ARGS); 255 return NULL; 256 } 257- BLAKE2BContext* ctx = BLAKE2B_NewContext(); 258+ ctx = BLAKE2B_NewContext(); 259 if (ctx == NULL) { 260 PORT_SetError(SEC_ERROR_INVALID_ARGS); 261 return NULL; 262diff -ur misc/nss-3.39/nss/lib/freebl/blake2b.h misc/build/nss-3.39/nss/lib/freebl/blake2b.h 263--- misc/nss-3.39/nss/lib/freebl/blake2b.h 2018-08-31 05:55:53.000000000 -0700 264+++ misc/build/nss-3.39/nss/lib/freebl/blake2b.h 2018-10-21 01:46:57.467020000 -0700 265@@ -9,7 +9,23 @@ 266 #define BLAKE_H 267 268 #include <stddef.h> 269-#include <stdint.h> 270+#if defined(_MSC_VER) && _MSC_VER < 1600 271+ #ifdef _WIN64 272+typedef unsigned __int64 uintptr_t; 273+ #else 274+typedef unsigned int uintptr_t; 275+ #endif 276+typedef unsigned char uint8_t; 277+typedef unsigned short uint16_t; 278+typedef unsigned int uint32_t; 279+typedef unsigned __int64 uint64_t; 280+#define UINT8_MAX 0xff 281+#define UINT16_MAX 0xffff 282+#define UINT32_MAX 0xffffffffu 283+#define UINT64_MAX 0xffffffffffffffffU 284+#else 285+ #include <stdint.h> 286+#endif 287 288 struct Blake2bContextStr { 289 uint64_t h[8]; /* chained state */ 290diff -ur misc/nss-3.39/nss/lib/freebl/chacha20poly1305.c misc/build/nss-3.39/nss/lib/freebl/chacha20poly1305.c 291--- misc/nss-3.39/nss/lib/freebl/chacha20poly1305.c 2018-08-31 05:55:53.000000000 -0700 292+++ misc/build/nss-3.39/nss/lib/freebl/chacha20poly1305.c 2018-10-21 21:01:18.295557000 -0700 293@@ -77,14 +77,14 @@ 294 Hacl_Poly1305_mk_state(stateStack, stateStack + offset); 295 296 unsigned char block[16] = { 0 }; 297+ unsigned int i; 298+ unsigned int j; 299 Hacl_Poly1305_init(state, (uint8_t *)key); 300 301 Poly1305PadUpdate(state, block, ad, adLen); 302 memset(block, 0, 16); 303 Poly1305PadUpdate(state, block, ciphertext, ciphertextLen); 304 305- unsigned int i; 306- unsigned int j; 307 for (i = 0, j = adLen; i < 8; i++, j >>= 8) { 308 block[i] = j; 309 } 310diff -ur misc/nss-3.39/nss/lib/freebl/ecl/ecp_25519.c misc/build/nss-3.39/nss/lib/freebl/ecl/ecp_25519.c 311--- misc/nss-3.39/nss/lib/freebl/ecl/ecp_25519.c 2018-08-31 05:55:53.000000000 -0700 312+++ misc/build/nss-3.39/nss/lib/freebl/ecl/ecp_25519.c 2018-10-21 21:06:07.350639000 -0700 313@@ -104,6 +104,7 @@ 314 { 315 PRUint8 *px; 316 PRUint8 basePoint[32] = { 9 }; 317+ SECStatus rv; 318 319 if (!P) { 320 px = basePoint; 321@@ -115,7 +116,7 @@ 322 px = P->data; 323 } 324 325- SECStatus rv = ec_Curve25519_mul(X->data, k->data, px); 326+ rv = ec_Curve25519_mul(X->data, k->data, px); 327 if (NSS_SecureMemcmpZero(X->data, X->len) == 0) { 328 return SECFailure; 329 } 330diff -ur misc/nss-3.39/nss/lib/freebl/gcm.h misc/build/nss-3.39/nss/lib/freebl/gcm.h 331--- misc/nss-3.39/nss/lib/freebl/gcm.h 2018-08-31 05:55:53.000000000 -0700 332+++ misc/build/nss-3.39/nss/lib/freebl/gcm.h 2018-10-21 01:46:50.706497000 -0700 333@@ -6,7 +6,23 @@ 334 #define GCM_H 1 335 336 #include "blapii.h" 337-#include <stdint.h> 338+#if defined(_MSC_VER) && _MSC_VER < 1600 339+ #ifdef _WIN64 340+typedef unsigned __int64 uintptr_t; 341+ #else 342+typedef unsigned int uintptr_t; 343+ #endif 344+typedef unsigned char uint8_t; 345+typedef unsigned short uint16_t; 346+typedef unsigned int uint32_t; 347+typedef unsigned __int64 uint64_t; 348+#define UINT8_MAX 0xff 349+#define UINT16_MAX 0xffff 350+#define UINT32_MAX 0xffffffffu 351+#define UINT64_MAX 0xffffffffffffffffU 352+#else 353+ #include <stdint.h> 354+#endif 355 356 #ifdef NSS_X86_OR_X64 357 /* GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 */ 358diff -ur misc/nss-3.39/nss/lib/freebl/rijndael.h misc/build/nss-3.39/nss/lib/freebl/rijndael.h 359--- misc/nss-3.39/nss/lib/freebl/rijndael.h 2018-08-31 05:55:53.000000000 -0700 360+++ misc/build/nss-3.39/nss/lib/freebl/rijndael.h 2018-10-21 01:47:05.758087000 -0700 361@@ -6,7 +6,23 @@ 362 #define _RIJNDAEL_H_ 1 363 364 #include "blapii.h" 365-#include <stdint.h> 366+#if defined(_MSC_VER) && _MSC_VER < 1600 367+ #ifdef _WIN64 368+typedef unsigned __int64 uintptr_t; 369+ #else 370+typedef unsigned int uintptr_t; 371+ #endif 372+typedef unsigned char uint8_t; 373+typedef unsigned short uint16_t; 374+typedef unsigned int uint32_t; 375+typedef unsigned __int64 uint64_t; 376+#define UINT8_MAX 0xff 377+#define UINT16_MAX 0xffff 378+#define UINT32_MAX 0xffffffffu 379+#define UINT64_MAX 0xffffffffffffffffU 380+#else 381+ #include <stdint.h> 382+#endif 383 384 #if defined(NSS_X86_OR_X64) 385 /* GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 */ 386diff -ur misc/nss-3.39/nss/lib/freebl/verified/FStar.c misc/build/nss-3.39/nss/lib/freebl/verified/FStar.c 387--- misc/nss-3.39/nss/lib/freebl/verified/FStar.c 2018-08-31 05:55:53.000000000 -0700 388+++ misc/build/nss-3.39/nss/lib/freebl/verified/FStar.c 2018-10-21 23:50:44.099188000 -0700 389@@ -32,37 +32,37 @@ 390 FStar_UInt128_uint128 391 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) 392 { 393- return ( 394- (FStar_UInt128_uint128){ 395- .low = a.low + b.low, 396- .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) }); 397+ FStar_UInt128_uint128 ret; 398+ ret.low = a.low + b.low; 399+ ret.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); 400+ return (ret); 401 } 402 403 FStar_UInt128_uint128 404 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) 405 { 406- return ( 407- (FStar_UInt128_uint128){ 408- .low = a.low + b.low, 409- .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) }); 410+ FStar_UInt128_uint128 ret; 411+ ret.low = a.low + b.low; 412+ ret.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); 413+ return (ret); 414 } 415 416 FStar_UInt128_uint128 417 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) 418 { 419- return ( 420- (FStar_UInt128_uint128){ 421- .low = a.low - b.low, 422- .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) }); 423+ FStar_UInt128_uint128 ret; 424+ ret.low = a.low - b.low; 425+ ret.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); 426+ return (ret); 427 } 428 429 static FStar_UInt128_uint128 430 FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) 431 { 432- return ( 433- (FStar_UInt128_uint128){ 434- .low = a.low - b.low, 435- .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) }); 436+ FStar_UInt128_uint128 ret; 437+ ret.low = a.low - b.low; 438+ ret.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); 439+ return (ret); 440 } 441 442 FStar_UInt128_uint128 443@@ -74,25 +74,37 @@ 444 FStar_UInt128_uint128 445 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) 446 { 447- return ((FStar_UInt128_uint128){.low = a.low & b.low, .high = a.high & b.high }); 448+ FStar_UInt128_uint128 ret; 449+ ret.low = a.low & b.low; 450+ ret.high = a.high & b.high; 451+ return (ret); 452 } 453 454 FStar_UInt128_uint128 455 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) 456 { 457- return ((FStar_UInt128_uint128){.low = a.low ^ b.low, .high = a.high ^ b.high }); 458+ FStar_UInt128_uint128 ret; 459+ ret.low = a.low ^ b.low; 460+ ret.high = a.high ^ b.high; 461+ return (ret); 462 } 463 464 FStar_UInt128_uint128 465 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) 466 { 467- return ((FStar_UInt128_uint128){.low = a.low | b.low, .high = a.high | b.high }); 468+ FStar_UInt128_uint128 ret; 469+ ret.low = a.low | b.low; 470+ ret.high = a.high | b.high; 471+ return (ret); 472 } 473 474 FStar_UInt128_uint128 475 FStar_UInt128_lognot(FStar_UInt128_uint128 a) 476 { 477- return ((FStar_UInt128_uint128){.low = ~a.low, .high = ~a.high }); 478+ FStar_UInt128_uint128 ret; 479+ ret.low = ~a.low; 480+ ret.high = ~a.high; 481+ return (ret); 482 } 483 484 static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U; 485@@ -112,19 +124,23 @@ 486 static FStar_UInt128_uint128 487 FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) 488 { 489+ FStar_UInt128_uint128 ret; 490 if (s == (uint32_t)0U) 491 return a; 492- else 493- return ( 494- (FStar_UInt128_uint128){ 495- .low = a.low << s, 496- .high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) }); 497+ else { 498+ ret.low = a.low << s; 499+ ret.high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s); 500+ return (ret); 501+ } 502 } 503 504 static FStar_UInt128_uint128 505 FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) 506 { 507- return ((FStar_UInt128_uint128){.low = (uint64_t)0U, .high = a.low << (s - FStar_UInt128_u32_64) }); 508+ FStar_UInt128_uint128 ret; 509+ ret.low = (uint64_t)0U; 510+ ret.high = a.low << (s - FStar_UInt128_u32_64); 511+ return (ret); 512 } 513 514 FStar_UInt128_uint128 515@@ -151,19 +167,23 @@ 516 static FStar_UInt128_uint128 517 FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) 518 { 519+ FStar_UInt128_uint128 ret; 520 if (s == (uint32_t)0U) 521 return a; 522- else 523- return ( 524- (FStar_UInt128_uint128){ 525- .low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s), 526- .high = a.high >> s }); 527+ else { 528+ ret.low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s); 529+ ret.high = a.high >> s; 530+ return (ret); 531+ } 532 } 533 534 static FStar_UInt128_uint128 535 FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) 536 { 537- return ((FStar_UInt128_uint128){.low = a.high >> (s - FStar_UInt128_u32_64), .high = (uint64_t)0U }); 538+ FStar_UInt128_uint128 ret; 539+ ret.low = a.high >> (s - FStar_UInt128_u32_64); 540+ ret.high = (uint64_t)0U; 541+ return (ret); 542 } 543 544 FStar_UInt128_uint128 545@@ -178,25 +198,28 @@ 546 FStar_UInt128_uint128 547 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) 548 { 549- return ( 550- (FStar_UInt128_uint128){ 551- .low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high), 552- .high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high) }); 553+ FStar_UInt128_uint128 ret; 554+ ret.low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); 555+ ret.high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); 556+ return (ret); 557 } 558 559 FStar_UInt128_uint128 560 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) 561 { 562- return ( 563- (FStar_UInt128_uint128){ 564- .low = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)), 565- .high = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)) }); 566+ FStar_UInt128_uint128 ret; 567+ ret.low = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); 568+ ret.high = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); 569+ return (ret); 570 } 571 572 FStar_UInt128_uint128 573 FStar_UInt128_uint64_to_uint128(uint64_t a) 574 { 575- return ((FStar_UInt128_uint128){.low = a, .high = (uint64_t)0U }); 576+ FStar_UInt128_uint128 ret; 577+ ret.low = a; 578+ ret.high = (uint64_t)0U; 579+ return (ret); 580 } 581 582 uint64_t 583@@ -218,12 +241,13 @@ 584 static K___uint64_t_uint64_t_uint64_t_uint64_t 585 FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y) 586 { 587- return ( 588- (K___uint64_t_uint64_t_uint64_t_uint64_t){ 589- .fst = FStar_UInt128_u64_mod_32(x), 590- .snd = FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)), 591- .thd = x >> FStar_UInt128_u32_32, 592- .f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32) }); 593+ 594+ K___uint64_t_uint64_t_uint64_t_uint64_t ret; 595+ ret.fst = FStar_UInt128_u64_mod_32(x); 596+ ret.snd = FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)); 597+ ret.thd = x >> FStar_UInt128_u32_32; 598+ ret.f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32); 599+ return (ret); 600 } 601 602 static uint64_t 603@@ -240,12 +264,12 @@ 604 uint64_t w3 = scrut.snd; 605 uint64_t x_ = scrut.thd; 606 uint64_t t_ = scrut.f3; 607- return ( 608- (FStar_UInt128_uint128){ 609- .low = FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), 610- w3), 611- .high = x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) + 612- ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32) }); 613+ FStar_UInt128_uint128 ret; 614+ ret.low = FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), 615+ w3); 616+ ret.high = x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) + 617+ ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32); 618+ return (ret); 619 } 620 621 FStar_UInt128_uint128 622diff -ur misc/nss-3.39/nss/lib/freebl/verified/FStar.h misc/build/nss-3.39/nss/lib/freebl/verified/FStar.h 623--- misc/nss-3.39/nss/lib/freebl/verified/FStar.h 2018-08-31 05:55:53.000000000 -0700 624+++ misc/build/nss-3.39/nss/lib/freebl/verified/FStar.h 2018-10-21 23:03:05.151005000 -0700 625@@ -17,6 +17,7 @@ 626 #ifndef __FStar_H 627 #define __FStar_H 628 629+#include "secport.h" 630 #include "kremlib_base.h" 631 632 typedef struct 633diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.c misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.c 634--- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.c 2018-08-31 05:55:53.000000000 -0700 635+++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.c 2018-10-21 21:47:24.553180000 -0700 636@@ -18,7 +18,8 @@ 637 static void 638 Hacl_Lib_LoadStore32_uint32s_from_le_bytes(uint32_t *output, uint8_t *input, uint32_t len) 639 { 640- for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { 641+ uint32_t i; 642+ for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { 643 uint8_t *x0 = input + (uint32_t)4U * i; 644 uint32_t inputi = load32_le(x0); 645 output[i] = inputi; 646@@ -28,7 +29,8 @@ 647 static void 648 Hacl_Lib_LoadStore32_uint32s_to_le_bytes(uint8_t *output, uint32_t *input, uint32_t len) 649 { 650- for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { 651+ uint32_t i; 652+ for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { 653 uint32_t hd1 = input[i]; 654 uint8_t *x0 = output + (uint32_t)4U * i; 655 store32_le(x0, hd1); 656@@ -46,31 +48,49 @@ 657 { 658 uint32_t sa = st[a]; 659 uint32_t sb0 = st[b]; 660+ uint32_t sd; 661+ uint32_t sa10; 662+ uint32_t sda; 663+ uint32_t sa0; 664+ uint32_t sb1; 665+ uint32_t sd0; 666+ uint32_t sa11; 667+ uint32_t sda0; 668+ uint32_t sa2; 669+ uint32_t sb2; 670+ uint32_t sd1; 671+ uint32_t sa12; 672+ uint32_t sda1; 673+ uint32_t sa3; 674+ uint32_t sb; 675+ uint32_t sd2; 676+ uint32_t sa1; 677+ uint32_t sda2; 678 st[a] = sa + sb0; 679- uint32_t sd = st[d]; 680- uint32_t sa10 = st[a]; 681- uint32_t sda = sd ^ sa10; 682+ sd = st[d]; 683+ sa10 = st[a]; 684+ sda = sd ^ sa10; 685 st[d] = Hacl_Impl_Chacha20_rotate_left(sda, (uint32_t)16U); 686- uint32_t sa0 = st[c]; 687- uint32_t sb1 = st[d]; 688+ sa0 = st[c]; 689+ sb1 = st[d]; 690 st[c] = sa0 + sb1; 691- uint32_t sd0 = st[b]; 692- uint32_t sa11 = st[c]; 693- uint32_t sda0 = sd0 ^ sa11; 694+ sd0 = st[b]; 695+ sa11 = st[c]; 696+ sda0 = sd0 ^ sa11; 697 st[b] = Hacl_Impl_Chacha20_rotate_left(sda0, (uint32_t)12U); 698- uint32_t sa2 = st[a]; 699- uint32_t sb2 = st[b]; 700+ sa2 = st[a]; 701+ sb2 = st[b]; 702 st[a] = sa2 + sb2; 703- uint32_t sd1 = st[d]; 704- uint32_t sa12 = st[a]; 705- uint32_t sda1 = sd1 ^ sa12; 706+ sd1 = st[d]; 707+ sa12 = st[a]; 708+ sda1 = sd1 ^ sa12; 709 st[d] = Hacl_Impl_Chacha20_rotate_left(sda1, (uint32_t)8U); 710- uint32_t sa3 = st[c]; 711- uint32_t sb = st[d]; 712+ sa3 = st[c]; 713+ sb = st[d]; 714 st[c] = sa3 + sb; 715- uint32_t sd2 = st[b]; 716- uint32_t sa1 = st[c]; 717- uint32_t sda2 = sd2 ^ sa1; 718+ sd2 = st[b]; 719+ sa1 = st[c]; 720+ sda2 = sd2 ^ sa1; 721 st[b] = Hacl_Impl_Chacha20_rotate_left(sda2, (uint32_t)7U); 722 } 723 724@@ -90,14 +110,16 @@ 725 inline static void 726 Hacl_Impl_Chacha20_rounds(uint32_t *st) 727 { 728- for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) 729+ uint32_t i; 730+ for (i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) 731 Hacl_Impl_Chacha20_double_round(st); 732 } 733 734 inline static void 735 Hacl_Impl_Chacha20_sum_states(uint32_t *st, uint32_t *st_) 736 { 737- for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { 738+ uint32_t i; 739+ for (i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { 740 uint32_t xi = st[i]; 741 uint32_t yi = st_[i]; 742 st[i] = xi + yi; 743@@ -150,9 +172,10 @@ 744 uint32_t *k = b; 745 uint32_t *ib = b + (uint32_t)16U; 746 uint32_t *ob = b + (uint32_t)32U; 747+ uint32_t i; 748 Hacl_Impl_Chacha20_chacha20_core(k, st, ctr); 749 Hacl_Lib_LoadStore32_uint32s_from_le_bytes(ib, plain, (uint32_t)16U); 750- for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { 751+ for (i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { 752 uint32_t xi = ib[i]; 753 uint32_t yi = k[i]; 754 ob[i] = xi ^ yi; 755@@ -169,9 +192,11 @@ 756 uint32_t ctr) 757 { 758 uint8_t block[64U] = { 0U }; 759+ uint8_t *mask; 760+ uint32_t i; 761 Hacl_Impl_Chacha20_chacha20_block(block, st, ctr); 762- uint8_t *mask = block; 763- for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { 764+ mask = block; 765+ for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { 766 uint8_t xi = plain[i]; 767 uint8_t yi = mask[i]; 768 output[i] = xi ^ yi; 769@@ -186,7 +211,8 @@ 770 uint32_t *st, 771 uint32_t ctr) 772 { 773- for (uint32_t i = (uint32_t)0U; i < num_blocks; i = i + (uint32_t)1U) { 774+ uint32_t i; 775+ for (i = (uint32_t)0U; i < num_blocks; i = i + (uint32_t)1U) { 776 uint8_t *b = plain + (uint32_t)64U * i; 777 uint8_t *o = output + (uint32_t)64U * i; 778 Hacl_Impl_Chacha20_update(o, b, st, ctr + i); 779diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.h misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.h 780--- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.h 2018-08-31 05:55:53.000000000 -0700 781+++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.h 2018-10-21 21:12:36.078858000 -0700 782@@ -13,6 +13,7 @@ 783 * limitations under the License. 784 */ 785 786+#include "secport.h" 787 #include "kremlib.h" 788 #ifndef __Hacl_Chacha20_H 789 #define __Hacl_Chacha20_H 790diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c 791--- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c 2018-08-31 05:55:53.000000000 -0700 792+++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c 2018-10-21 22:13:55.130785000 -0700 793@@ -25,14 +25,18 @@ 794 inline static void 795 Hacl_Impl_Chacha20_Vec128_State_state_to_key_block(uint8_t *stream_block, vec *k) 796 { 797+ uint8_t *a; 798+ uint8_t *b; 799+ uint8_t *c; 800+ uint8_t *d; 801 vec k0 = k[0U]; 802 vec k1 = k[1U]; 803 vec k2 = k[2U]; 804 vec k3 = k[3U]; 805- uint8_t *a = stream_block; 806- uint8_t *b = stream_block + (uint32_t)16U; 807- uint8_t *c = stream_block + (uint32_t)32U; 808- uint8_t *d = stream_block + (uint32_t)48U; 809+ a = stream_block; 810+ b = stream_block + (uint32_t)16U; 811+ c = stream_block + (uint32_t)32U; 812+ d = stream_block + (uint32_t)48U; 813 vec_store_le(a, k0); 814 vec_store_le(b, k1); 815 vec_store_le(c, k2); 816@@ -42,21 +46,29 @@ 817 inline static void 818 Hacl_Impl_Chacha20_Vec128_State_state_setup(vec *st, uint8_t *k, uint8_t *n1, uint32_t c) 819 { 820+ vec k0; 821+ vec k1; 822+ uint32_t n0; 823+ uint8_t *x00; 824+ uint32_t n10; 825+ uint8_t *x0; 826+ uint32_t n2; 827+ vec v1; 828 st[0U] = 829 vec_load_32x4((uint32_t)0x61707865U, 830 (uint32_t)0x3320646eU, 831 (uint32_t)0x79622d32U, 832 (uint32_t)0x6b206574U); 833- vec k0 = vec_load128_le(k); 834- vec k1 = vec_load128_le(k + (uint32_t)16U); 835+ k0 = vec_load128_le(k); 836+ k1 = vec_load128_le(k + (uint32_t)16U); 837 st[1U] = k0; 838 st[2U] = k1; 839- uint32_t n0 = load32_le(n1); 840- uint8_t *x00 = n1 + (uint32_t)4U; 841- uint32_t n10 = load32_le(x00); 842- uint8_t *x0 = n1 + (uint32_t)8U; 843- uint32_t n2 = load32_le(x0); 844- vec v1 = vec_load_32x4(c, n0, n10, n2); 845+ n0 = load32_le(n1); 846+ x00 = n1 + (uint32_t)4U; 847+ n10 = load32_le(x00); 848+ x0 = n1 + (uint32_t)8U; 849+ n2 = load32_le(x0); 850+ v1 = vec_load_32x4(c, n0, n10, n2); 851 st[3U] = v1; 852 } 853 854@@ -68,27 +80,42 @@ 855 vec sd0 = st[3U]; 856 vec sa10 = vec_add(sa, sb0); 857 vec sd10 = vec_rotate_left(vec_xor(sd0, sa10), (uint32_t)16U); 858+ vec sa0; 859+ vec sb1; 860+ vec sd2; 861+ vec sa11; 862+ vec sd11; 863+ vec sa2; 864+ vec sb2; 865+ vec sd3; 866+ vec sa12; 867+ vec sd12; 868+ vec sa3; 869+ vec sb; 870+ vec sd; 871+ vec sa1; 872+ vec sd1; 873 st[0U] = sa10; 874 st[3U] = sd10; 875- vec sa0 = st[2U]; 876- vec sb1 = st[3U]; 877- vec sd2 = st[1U]; 878- vec sa11 = vec_add(sa0, sb1); 879- vec sd11 = vec_rotate_left(vec_xor(sd2, sa11), (uint32_t)12U); 880+ sa0 = st[2U]; 881+ sb1 = st[3U]; 882+ sd2 = st[1U]; 883+ sa11 = vec_add(sa0, sb1); 884+ sd11 = vec_rotate_left(vec_xor(sd2, sa11), (uint32_t)12U); 885 st[2U] = sa11; 886 st[1U] = sd11; 887- vec sa2 = st[0U]; 888- vec sb2 = st[1U]; 889- vec sd3 = st[3U]; 890- vec sa12 = vec_add(sa2, sb2); 891- vec sd12 = vec_rotate_left(vec_xor(sd3, sa12), (uint32_t)8U); 892+ sa2 = st[0U]; 893+ sb2 = st[1U]; 894+ sd3 = st[3U]; 895+ sa12 = vec_add(sa2, sb2); 896+ sd12 = vec_rotate_left(vec_xor(sd3, sa12), (uint32_t)8U); 897 st[0U] = sa12; 898 st[3U] = sd12; 899- vec sa3 = st[2U]; 900- vec sb = st[3U]; 901- vec sd = st[1U]; 902- vec sa1 = vec_add(sa3, sb); 903- vec sd1 = vec_rotate_left(vec_xor(sd, sa1), (uint32_t)7U); 904+ sa3 = st[2U]; 905+ sb = st[3U]; 906+ sd = st[1U]; 907+ sa1 = vec_add(sa3, sb); 908+ sd1 = vec_rotate_left(vec_xor(sd, sa1), (uint32_t)7U); 909 st[2U] = sa1; 910 st[1U] = sd1; 911 } 912@@ -96,17 +123,23 @@ 913 inline static void 914 Hacl_Impl_Chacha20_Vec128_double_round(vec *st) 915 { 916+ vec r1; 917+ vec r20; 918+ vec r30; 919+ vec r10; 920+ vec r2; 921+ vec r3; 922 Hacl_Impl_Chacha20_Vec128_round(st); 923- vec r1 = st[1U]; 924- vec r20 = st[2U]; 925- vec r30 = st[3U]; 926+ r1 = st[1U]; 927+ r20 = st[2U]; 928+ r30 = st[3U]; 929 st[1U] = vec_shuffle_right(r1, (uint32_t)1U); 930 st[2U] = vec_shuffle_right(r20, (uint32_t)2U); 931 st[3U] = vec_shuffle_right(r30, (uint32_t)3U); 932 Hacl_Impl_Chacha20_Vec128_round(st); 933- vec r10 = st[1U]; 934- vec r2 = st[2U]; 935- vec r3 = st[3U]; 936+ r10 = st[1U]; 937+ r2 = st[2U]; 938+ r3 = st[3U]; 939 st[1U] = vec_shuffle_right(r10, (uint32_t)3U); 940 st[2U] = vec_shuffle_right(r2, (uint32_t)2U); 941 st[3U] = vec_shuffle_right(r3, (uint32_t)1U); 942@@ -153,8 +186,9 @@ 943 inline static void 944 Hacl_Impl_Chacha20_Vec128_chacha20_core(vec *k, vec *st) 945 { 946+ uint32_t i; 947 Hacl_Impl_Chacha20_Vec128_copy_state(k, st); 948- for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) 949+ for (i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) 950 Hacl_Impl_Chacha20_Vec128_double_round(k); 951 Hacl_Impl_Chacha20_Vec128_sum_states(k, st); 952 } 953@@ -188,8 +222,9 @@ 954 inline static void 955 Hacl_Impl_Chacha20_Vec128_chacha20_core3(vec *k0, vec *k1, vec *k2, vec *st) 956 { 957+ uint32_t i; 958 Hacl_Impl_Chacha20_Vec128_chacha20_incr3(k0, k1, k2, st); 959- for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) 960+ for (i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) 961 Hacl_Impl_Chacha20_Vec128_double_round3(k0, k1, k2); 962 Hacl_Impl_Chacha20_Vec128_chacha20_sum3(k0, k1, k2, st); 963 } 964@@ -197,9 +232,10 @@ 965 inline static void 966 Hacl_Impl_Chacha20_Vec128_chacha20_block(uint8_t *stream_block, vec *st) 967 { 968- KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); 969 vec k[4U]; 970- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) 971+ uint32_t _i; 972+ KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); 973+ for (_i = 0U; _i < (uint32_t)4U; ++_i) 974 k[_i] = vec_zero(); 975 Hacl_Impl_Chacha20_Vec128_chacha20_core(k, st); 976 Hacl_Impl_Chacha20_Vec128_State_state_to_key_block(stream_block, k); 977@@ -215,9 +251,11 @@ 978 Hacl_Impl_Chacha20_Vec128_update_last(uint8_t *output, uint8_t *plain, uint32_t len, vec *st) 979 { 980 uint8_t block[64U] = { 0U }; 981+ uint8_t *mask; 982+ uint32_t i; 983 Hacl_Impl_Chacha20_Vec128_chacha20_block(block, st); 984- uint8_t *mask = block; 985- for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { 986+ mask = block; 987+ for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { 988 uint8_t xi = plain[i]; 989 uint8_t yi = mask[i]; 990 output[i] = xi ^ yi; 991@@ -252,9 +290,10 @@ 992 static void 993 Hacl_Impl_Chacha20_Vec128_update(uint8_t *output, uint8_t *plain, vec *st) 994 { 995- KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); 996 vec k[4U]; 997- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) 998+ uint32_t _i; 999+ KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); 1000+ for (_i = 0U; _i < (uint32_t)4U; ++_i) 1001 k[_i] = vec_zero(); 1002 Hacl_Impl_Chacha20_Vec128_chacha20_core(k, st); 1003 Hacl_Impl_Chacha20_Vec128_xor_block(output, plain, k); 1004@@ -263,25 +302,32 @@ 1005 static void 1006 Hacl_Impl_Chacha20_Vec128_update3(uint8_t *output, uint8_t *plain, vec *st) 1007 { 1008- KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); 1009 vec k0[4U]; 1010- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) 1011+ uint32_t _i; 1012+ vec k1[4U]; 1013+ vec k2[4U]; 1014+ uint8_t *p0; 1015+ uint8_t *p1; 1016+ uint8_t *p2; 1017+ uint8_t *o0; 1018+ uint8_t *o1; 1019+ uint8_t *o2; 1020+ KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); 1021+ for (_i = 0U; _i < (uint32_t)4U; ++_i) 1022 k0[_i] = vec_zero(); 1023 KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); 1024- vec k1[4U]; 1025- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) 1026+ for (_i = 0U; _i < (uint32_t)4U; ++_i) 1027 k1[_i] = vec_zero(); 1028 KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); 1029- vec k2[4U]; 1030- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) 1031+ for (_i = 0U; _i < (uint32_t)4U; ++_i) 1032 k2[_i] = vec_zero(); 1033 Hacl_Impl_Chacha20_Vec128_chacha20_core3(k0, k1, k2, st); 1034- uint8_t *p0 = plain; 1035- uint8_t *p1 = plain + (uint32_t)64U; 1036- uint8_t *p2 = plain + (uint32_t)128U; 1037- uint8_t *o0 = output; 1038- uint8_t *o1 = output + (uint32_t)64U; 1039- uint8_t *o2 = output + (uint32_t)128U; 1040+ p0 = plain; 1041+ p1 = plain + (uint32_t)64U; 1042+ p2 = plain + (uint32_t)128U; 1043+ o0 = output; 1044+ o1 = output + (uint32_t)64U; 1045+ o2 = output + (uint32_t)128U; 1046 Hacl_Impl_Chacha20_Vec128_xor_block(o0, p0, k0); 1047 Hacl_Impl_Chacha20_Vec128_xor_block(o1, p1, k1); 1048 Hacl_Impl_Chacha20_Vec128_xor_block(o2, p2, k2); 1049@@ -308,7 +354,8 @@ 1050 uint32_t len, 1051 vec *st) 1052 { 1053- for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) 1054+ uint32_t i; 1055+ for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) 1056 Hacl_Impl_Chacha20_Vec128_update3_(output, plain, len, st, i); 1057 } 1058 1059@@ -368,11 +415,13 @@ 1060 uint8_t *n1, 1061 uint32_t ctr) 1062 { 1063- KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); 1064 vec buf[4U]; 1065- for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) 1066+ uint32_t _i; 1067+ vec *st; 1068+ KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); 1069+ for (_i = 0U; _i < (uint32_t)4U; ++_i) 1070 buf[_i] = vec_zero(); 1071- vec *st = buf; 1072+ st = buf; 1073 Hacl_Impl_Chacha20_Vec128_init(st, k, n1, ctr); 1074 Hacl_Impl_Chacha20_Vec128_chacha20_counter_mode(output, plain, len, st); 1075 } 1076diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.h misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.h 1077--- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.h 2018-08-31 05:55:53.000000000 -0700 1078+++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.h 2018-10-21 21:52:15.090683000 -0700 1079@@ -13,6 +13,7 @@ 1080 * limitations under the License. 1081 */ 1082 1083+#include "secport.h" 1084 #include "kremlib.h" 1085 #ifndef __Hacl_Chacha20_Vec128_H 1086 #define __Hacl_Chacha20_Vec128_H 1087diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.c misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.c 1088--- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.c 2018-08-31 05:55:53.000000000 -0700 1089+++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.c 2018-10-21 22:57:57.044565000 -0700 1090@@ -129,6 +129,7 @@ 1091 Hacl_Bignum_Fmul_shift_reduce(uint64_t *output) 1092 { 1093 uint64_t tmp = output[4U]; 1094+ uint64_t b0; 1095 { 1096 uint32_t ctr = (uint32_t)5U - (uint32_t)0U - (uint32_t)1U; 1097 uint64_t z = output[ctr - (uint32_t)1U]; 1098@@ -150,13 +151,15 @@ 1099 output[ctr] = z; 1100 } 1101 output[0U] = tmp; 1102- uint64_t b0 = output[0U]; 1103+ b0 = output[0U]; 1104 output[0U] = (uint64_t)19U * b0; 1105 } 1106 1107 static void 1108 Hacl_Bignum_Fmul_mul_shift_reduce_(FStar_UInt128_t *output, uint64_t *input, uint64_t *input21) 1109 { 1110+ uint32_t i; 1111+ uint64_t input2i; 1112 { 1113 uint64_t input2i = input21[0U]; 1114 Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); 1115@@ -177,8 +180,8 @@ 1116 Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); 1117 Hacl_Bignum_Fmul_shift_reduce(input); 1118 } 1119- uint32_t i = (uint32_t)4U; 1120- uint64_t input2i = input21[i]; 1121+ i = (uint32_t)4U; 1122+ input2i = input21[i]; 1123 Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); 1124 } 1125 1126@@ -186,29 +189,35 @@ 1127 Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input21) 1128 { 1129 uint64_t tmp[5U] = { 0U }; 1130+ uint32_t _i; 1131+ FStar_UInt128_t b4; 1132+ FStar_UInt128_t b0; 1133+ FStar_UInt128_t b4_; 1134+ FStar_UInt128_t b0_; 1135+ FStar_UInt128_t t[5U]; 1136+ uint64_t i0; 1137+ uint64_t i1; 1138+ uint64_t i0_; 1139+ uint64_t i1_; 1140 memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); 1141 KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); 1142- FStar_UInt128_t t[5U]; 1143- for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) 1144+ for (_i = 0U; _i < (uint32_t)5U; ++_i) 1145 t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); 1146 Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input21); 1147 Hacl_Bignum_Fproduct_carry_wide_(t); 1148- FStar_UInt128_t b4 = t[4U]; 1149- FStar_UInt128_t b0 = t[0U]; 1150- FStar_UInt128_t 1151- b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); 1152- FStar_UInt128_t 1153- b0_ = 1154- FStar_UInt128_add(b0, 1155+ b4 = t[4U]; 1156+ b0 = t[0U]; 1157+ b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); 1158+ b0_ = FStar_UInt128_add(b0, 1159 FStar_UInt128_mul_wide((uint64_t)19U, 1160 FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U)))); 1161 t[4U] = b4_; 1162 t[0U] = b0_; 1163 Hacl_Bignum_Fproduct_copy_from_wide_(output, t); 1164- uint64_t i0 = output[0U]; 1165- uint64_t i1 = output[1U]; 1166- uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU; 1167- uint64_t i1_ = i1 + (i0 >> (uint32_t)51U); 1168+ i0 = output[0U]; 1169+ i1 = output[1U]; 1170+ i0_ = i0 & (uint64_t)0x7ffffffffffffU; 1171+ i1_ = i1 + (i0 >> (uint32_t)51U); 1172 output[0U] = i0_; 1173 output[1U] = i1_; 1174 } 1175@@ -226,28 +235,28 @@ 1176 uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U; 1177 uint64_t d419 = r4 * (uint64_t)19U; 1178 uint64_t d4 = d419 * (uint64_t)2U; 1179- FStar_UInt128_t 1180- s0 = 1181+ FStar_UInt128_t s0; 1182+ FStar_UInt128_t s1; 1183+ FStar_UInt128_t s2; 1184+ FStar_UInt128_t s3; 1185+ FStar_UInt128_t s4; 1186+ s0 = 1187 FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(r0, r0), 1188 FStar_UInt128_mul_wide(d4, r1)), 1189 FStar_UInt128_mul_wide(d2, r3)); 1190- FStar_UInt128_t 1191- s1 = 1192+ s1 = 1193 FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r1), 1194 FStar_UInt128_mul_wide(d4, r2)), 1195 FStar_UInt128_mul_wide(r3 * (uint64_t)19U, r3)); 1196- FStar_UInt128_t 1197- s2 = 1198+ s2 = 1199 FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r2), 1200 FStar_UInt128_mul_wide(r1, r1)), 1201 FStar_UInt128_mul_wide(d4, r3)); 1202- FStar_UInt128_t 1203- s3 = 1204+ s3 = 1205 FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r3), 1206 FStar_UInt128_mul_wide(d1, r2)), 1207 FStar_UInt128_mul_wide(r4, d419)); 1208- FStar_UInt128_t 1209- s4 = 1210+ s4 = 1211 FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r4), 1212 FStar_UInt128_mul_wide(d1, r3)), 1213 FStar_UInt128_mul_wide(r2, r2)); 1214@@ -261,24 +270,30 @@ 1215 inline static void 1216 Hacl_Bignum_Fsquare_fsquare_(FStar_UInt128_t *tmp, uint64_t *output) 1217 { 1218+ FStar_UInt128_t b4; 1219+ FStar_UInt128_t b0; 1220+ FStar_UInt128_t b4_; 1221+ FStar_UInt128_t b0_; 1222+ uint64_t i0; 1223+ uint64_t i1; 1224+ uint64_t i0_; 1225+ uint64_t i1_; 1226 Hacl_Bignum_Fsquare_fsquare__(tmp, output); 1227 Hacl_Bignum_Fproduct_carry_wide_(tmp); 1228- FStar_UInt128_t b4 = tmp[4U]; 1229- FStar_UInt128_t b0 = tmp[0U]; 1230- FStar_UInt128_t 1231- b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); 1232- FStar_UInt128_t 1233- b0_ = 1234+ b4 = tmp[4U]; 1235+ b0 = tmp[0U]; 1236+ b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); 1237+ b0_ = 1238 FStar_UInt128_add(b0, 1239 FStar_UInt128_mul_wide((uint64_t)19U, 1240 FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U)))); 1241 tmp[4U] = b4_; 1242 tmp[0U] = b0_; 1243 Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp); 1244- uint64_t i0 = output[0U]; 1245- uint64_t i1 = output[1U]; 1246- uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU; 1247- uint64_t i1_ = i1 + (i0 >> (uint32_t)51U); 1248+ i0 = output[0U]; 1249+ i1 = output[1U]; 1250+ i0_ = i0 & (uint64_t)0x7ffffffffffffU; 1251+ i1_ = i1 + (i0 >> (uint32_t)51U); 1252 output[0U] = i0_; 1253 output[1U] = i1_; 1254 } 1255@@ -286,17 +301,19 @@ 1256 static void 1257 Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *input, FStar_UInt128_t *tmp, uint32_t count1) 1258 { 1259+ uint32_t i; 1260 Hacl_Bignum_Fsquare_fsquare_(tmp, input); 1261- for (uint32_t i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U) 1262+ for (i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U) 1263 Hacl_Bignum_Fsquare_fsquare_(tmp, input); 1264 } 1265 1266 inline static void 1267 Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1) 1268 { 1269- KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); 1270 FStar_UInt128_t t[5U]; 1271- for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) 1272+ uint32_t _i; 1273+ KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); 1274+ for (_i = 0U; _i < (uint32_t)5U; ++_i) 1275 t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); 1276 memcpy(output, input, (uint32_t)5U * sizeof input[0U]); 1277 Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); 1278@@ -305,9 +322,10 @@ 1279 inline static void 1280 Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1) 1281 { 1282- KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); 1283 FStar_UInt128_t t[5U]; 1284- for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) 1285+ uint32_t _i; 1286+ KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); 1287+ for (_i = 0U; _i < (uint32_t)5U; ++_i) 1288 t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); 1289 Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); 1290 } 1291@@ -319,6 +337,13 @@ 1292 uint64_t *a = buf; 1293 uint64_t *t00 = buf + (uint32_t)5U; 1294 uint64_t *b0 = buf + (uint32_t)10U; 1295+ uint64_t *t01; 1296+ uint64_t *b1; 1297+ uint64_t *c0; 1298+ uint64_t *a0; 1299+ uint64_t *t0; 1300+ uint64_t *b; 1301+ uint64_t *c; 1302 Hacl_Bignum_Fsquare_fsquare_times(a, z, (uint32_t)1U); 1303 Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)2U); 1304 Hacl_Bignum_Fmul_fmul(b0, t00, z); 1305@@ -326,9 +351,9 @@ 1306 Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)1U); 1307 Hacl_Bignum_Fmul_fmul(b0, t00, b0); 1308 Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U); 1309- uint64_t *t01 = buf + (uint32_t)5U; 1310- uint64_t *b1 = buf + (uint32_t)10U; 1311- uint64_t *c0 = buf + (uint32_t)15U; 1312+ t01 = buf + (uint32_t)5U; 1313+ b1 = buf + (uint32_t)10U; 1314+ c0 = buf + (uint32_t)15U; 1315 Hacl_Bignum_Fmul_fmul(b1, t01, b1); 1316 Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U); 1317 Hacl_Bignum_Fmul_fmul(c0, t01, b1); 1318@@ -337,10 +362,10 @@ 1319 Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U); 1320 Hacl_Bignum_Fmul_fmul(b1, t01, b1); 1321 Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U); 1322- uint64_t *a0 = buf; 1323- uint64_t *t0 = buf + (uint32_t)5U; 1324- uint64_t *b = buf + (uint32_t)10U; 1325- uint64_t *c = buf + (uint32_t)15U; 1326+ a0 = buf; 1327+ t0 = buf + (uint32_t)5U; 1328+ b = buf + (uint32_t)10U; 1329+ c = buf + (uint32_t)15U; 1330 Hacl_Bignum_Fmul_fmul(c, t0, b); 1331 Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U); 1332 Hacl_Bignum_Fmul_fmul(t0, t0, c); 1333@@ -384,12 +409,17 @@ 1334 Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b) 1335 { 1336 uint64_t tmp[5U] = { 0U }; 1337+ uint64_t b0; 1338+ uint64_t b1; 1339+ uint64_t b2; 1340+ uint64_t b3; 1341+ uint64_t b4; 1342 memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]); 1343- uint64_t b0 = tmp[0U]; 1344- uint64_t b1 = tmp[1U]; 1345- uint64_t b2 = tmp[2U]; 1346- uint64_t b3 = tmp[3U]; 1347- uint64_t b4 = tmp[4U]; 1348+ b0 = tmp[0U]; 1349+ b1 = tmp[1U]; 1350+ b2 = tmp[2U]; 1351+ b3 = tmp[3U]; 1352+ b4 = tmp[4U]; 1353 tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U; 1354 tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U; 1355 tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U; 1356@@ -425,9 +455,14 @@ 1357 inline static void 1358 Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s) 1359 { 1360- KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); 1361 FStar_UInt128_t tmp[5U]; 1362- for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) 1363+ uint32_t _i; 1364+ FStar_UInt128_t b4; 1365+ FStar_UInt128_t b0; 1366+ FStar_UInt128_t b4_; 1367+ FStar_UInt128_t b0_; 1368+ KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); 1369+ for (_i = 0U; _i < (uint32_t)5U; ++_i) 1370 tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); 1371 { 1372 uint64_t xi = b[0U]; 1373@@ -450,12 +485,10 @@ 1374 tmp[4U] = FStar_UInt128_mul_wide(xi, s); 1375 } 1376 Hacl_Bignum_Fproduct_carry_wide_(tmp); 1377- FStar_UInt128_t b4 = tmp[4U]; 1378- FStar_UInt128_t b0 = tmp[0U]; 1379- FStar_UInt128_t 1380- b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); 1381- FStar_UInt128_t 1382- b0_ = 1383+ b4 = tmp[4U]; 1384+ b0 = tmp[0U]; 1385+ b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); 1386+ b0_ = 1387 FStar_UInt128_add(b0, 1388 FStar_UInt128_mul_wide((uint64_t)19U, 1389 FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U)))); 1390@@ -492,9 +525,10 @@ 1391 static void 1392 Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr) 1393 { 1394+ uint32_t i; 1395 if (!(ctr == (uint32_t)0U)) { 1396 Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr); 1397- uint32_t i = ctr - (uint32_t)1U; 1398+ i = ctr - (uint32_t)1U; 1399 Hacl_EC_Point_swap_conditional_(a, b, swap1, i); 1400 } 1401 } 1402@@ -538,6 +572,16 @@ 1403 uint64_t *origxprime = buf + (uint32_t)5U; 1404 uint64_t *xxprime0 = buf + (uint32_t)25U; 1405 uint64_t *zzprime0 = buf + (uint32_t)30U; 1406+ uint64_t *origxprime0; 1407+ uint64_t *xx0; 1408+ uint64_t *zz0; 1409+ uint64_t *xxprime; 1410+ uint64_t *zzprime; 1411+ uint64_t *zzzprime; 1412+ uint64_t *zzz; 1413+ uint64_t *xx; 1414+ uint64_t *zz; 1415+ uint64_t scalar = (uint64_t)121665U; 1416 memcpy(origx, x, (uint32_t)5U * sizeof x[0U]); 1417 Hacl_Bignum_fsum(x, z); 1418 Hacl_Bignum_fdifference(z, origx); 1419@@ -546,12 +590,12 @@ 1420 Hacl_Bignum_fdifference(zprime, origxprime); 1421 Hacl_Bignum_fmul(xxprime0, xprime, z); 1422 Hacl_Bignum_fmul(zzprime0, x, zprime); 1423- uint64_t *origxprime0 = buf + (uint32_t)5U; 1424- uint64_t *xx0 = buf + (uint32_t)15U; 1425- uint64_t *zz0 = buf + (uint32_t)20U; 1426- uint64_t *xxprime = buf + (uint32_t)25U; 1427- uint64_t *zzprime = buf + (uint32_t)30U; 1428- uint64_t *zzzprime = buf + (uint32_t)35U; 1429+ origxprime0 = buf + (uint32_t)5U; 1430+ xx0 = buf + (uint32_t)15U; 1431+ zz0 = buf + (uint32_t)20U; 1432+ xxprime = buf + (uint32_t)25U; 1433+ zzprime = buf + (uint32_t)30U; 1434+ zzzprime = buf + (uint32_t)35U; 1435 memcpy(origxprime0, xxprime, (uint32_t)5U * sizeof xxprime[0U]); 1436 Hacl_Bignum_fsum(xxprime, zzprime); 1437 Hacl_Bignum_fdifference(zzprime, origxprime0); 1438@@ -560,12 +604,11 @@ 1439 Hacl_Bignum_fmul(z3, zzzprime, qx); 1440 Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U); 1441 Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U); 1442- uint64_t *zzz = buf + (uint32_t)10U; 1443- uint64_t *xx = buf + (uint32_t)15U; 1444- uint64_t *zz = buf + (uint32_t)20U; 1445+ zzz = buf + (uint32_t)10U; 1446+ xx = buf + (uint32_t)15U; 1447+ zz = buf + (uint32_t)20U; 1448 Hacl_Bignum_fmul(x2, xx, zz); 1449 Hacl_Bignum_fdifference(zz, xx); 1450- uint64_t scalar = (uint64_t)121665U; 1451 Hacl_Bignum_fscalar(zzz, zz, scalar); 1452 Hacl_Bignum_fsum(zzz, xx); 1453 Hacl_Bignum_fmul(z2, zzz, zz); 1454@@ -581,9 +624,10 @@ 1455 uint8_t byt) 1456 { 1457 uint64_t bit = (uint64_t)(byt >> (uint32_t)7U); 1458+ uint64_t bit0; 1459 Hacl_EC_Point_swap_conditional(nq, nqpq, bit); 1460 Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q); 1461- uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U); 1462+ bit0 = (uint64_t)(byt >> (uint32_t)7U); 1463 Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit0); 1464 } 1465 1466@@ -596,8 +640,9 @@ 1467 uint64_t *q, 1468 uint8_t byt) 1469 { 1470+ uint8_t byt1; 1471 Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt); 1472- uint8_t byt1 = byt << (uint32_t)1U; 1473+ byt1 = byt << (uint32_t)1U; 1474 Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1); 1475 } 1476 1477@@ -613,8 +658,9 @@ 1478 { 1479 if (!(i == (uint32_t)0U)) { 1480 uint32_t i_ = i - (uint32_t)1U; 1481+ uint8_t byt_; 1482 Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt); 1483- uint8_t byt_ = byt << (uint32_t)2U; 1484+ byt_ = byt << (uint32_t)2U; 1485 Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_); 1486 } 1487 } 1488@@ -731,12 +777,16 @@ 1489 static void 1490 Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input) 1491 { 1492+ uint64_t i0; 1493+ uint64_t i1; 1494+ uint64_t i0_; 1495+ uint64_t i1_; 1496 Hacl_EC_Format_fcontract_second_carry_pass(input); 1497 Hacl_Bignum_Modulo_carry_top(input); 1498- uint64_t i0 = input[0U]; 1499- uint64_t i1 = input[1U]; 1500- uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU; 1501- uint64_t i1_ = i1 + (i0 >> (uint32_t)51U); 1502+ i0 = input[0U]; 1503+ i1 = input[1U]; 1504+ i0_ = i0 & (uint64_t)0x7ffffffffffffU; 1505+ i1_ = i1 + (i0 >> (uint32_t)51U); 1506 input[0U] = i0_; 1507 input[1U] = i1_; 1508 } 1509@@ -817,22 +867,31 @@ 1510 uint64_t buf0[10U] = { 0U }; 1511 uint64_t *x0 = buf0; 1512 uint64_t *z = buf0 + (uint32_t)5U; 1513+ uint64_t *q; 1514+ uint8_t e[32U] = { 0U }; 1515+ uint8_t e0; 1516+ uint8_t e31; 1517+ uint8_t e01; 1518+ uint8_t e311; 1519+ uint8_t e312; 1520+ uint8_t *scalar; 1521+ uint64_t buf[15U] = { 0U }; 1522+ uint64_t *nq; 1523+ uint64_t *x; 1524 Hacl_EC_Format_fexpand(x0, basepoint); 1525 z[0U] = (uint64_t)1U; 1526- uint64_t *q = buf0; 1527- uint8_t e[32U] = { 0U }; 1528+ q = buf0; 1529 memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]); 1530- uint8_t e0 = e[0U]; 1531- uint8_t e31 = e[31U]; 1532- uint8_t e01 = e0 & (uint8_t)248U; 1533- uint8_t e311 = e31 & (uint8_t)127U; 1534- uint8_t e312 = e311 | (uint8_t)64U; 1535+ e0 = e[0U]; 1536+ e31 = e[31U]; 1537+ e01 = e0 & (uint8_t)248U; 1538+ e311 = e31 & (uint8_t)127U; 1539+ e312 = e311 | (uint8_t)64U; 1540 e[0U] = e01; 1541 e[31U] = e312; 1542- uint8_t *scalar = e; 1543- uint64_t buf[15U] = { 0U }; 1544- uint64_t *nq = buf; 1545- uint64_t *x = nq; 1546+ scalar = e; 1547+ nq = buf; 1548+ x = nq; 1549 x[0U] = (uint64_t)1U; 1550 Hacl_EC_Ladder_cmult(nq, scalar, q); 1551 Hacl_EC_Format_scalar_of_point(mypublic, nq); 1552diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.h misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.h 1553--- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.h 2018-08-31 05:55:53.000000000 -0700 1554+++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.h 2018-10-21 22:18:23.286647000 -0700 1555@@ -13,6 +13,7 @@ 1556 * limitations under the License. 1557 */ 1558 1559+#include "secport.h" 1560 #include "kremlib.h" 1561 #ifndef __Hacl_Curve25519_H 1562 #define __Hacl_Curve25519_H 1563diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.c misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.c 1564--- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.c 2018-08-31 05:55:53.000000000 -0700 1565+++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.c 2018-10-22 00:58:55.601973000 -0700 1566@@ -47,7 +47,8 @@ 1567 inline static void 1568 Hacl_Bignum_Fproduct_copy_from_wide_(uint32_t *output, uint64_t *input) 1569 { 1570- for (uint32_t i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { 1571+ uint32_t i; 1572+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { 1573 uint64_t xi = input[i]; 1574 output[i] = (uint32_t)xi; 1575 } 1576@@ -56,7 +57,8 @@ 1577 inline static void 1578 Hacl_Bignum_Fproduct_sum_scalar_multiplication_(uint64_t *output, uint32_t *input, uint32_t s) 1579 { 1580- for (uint32_t i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { 1581+ uint32_t i; 1582+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { 1583 uint64_t xi = output[i]; 1584 uint32_t yi = input[i]; 1585 uint64_t x_wide = (uint64_t)yi; 1586@@ -68,7 +70,8 @@ 1587 inline static void 1588 Hacl_Bignum_Fproduct_carry_wide_(uint64_t *tmp) 1589 { 1590- for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { 1591+ uint32_t i; 1592+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { 1593 uint32_t ctr = i; 1594 uint64_t tctr = tmp[ctr]; 1595 uint64_t tctrp1 = tmp[ctr + (uint32_t)1U]; 1596@@ -82,7 +85,8 @@ 1597 inline static void 1598 Hacl_Bignum_Fproduct_carry_limb_(uint32_t *tmp) 1599 { 1600- for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { 1601+ uint32_t i; 1602+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { 1603 uint32_t ctr = i; 1604 uint32_t tctr = tmp[ctr]; 1605 uint32_t tctrp1 = tmp[ctr + (uint32_t)1U]; 1606@@ -97,7 +101,8 @@ 1607 Hacl_Bignum_Fmul_shift_reduce(uint32_t *output) 1608 { 1609 uint32_t tmp = output[4U]; 1610- for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { 1611+ uint32_t i; 1612+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { 1613 uint32_t ctr = (uint32_t)5U - i - (uint32_t)1U; 1614 uint32_t z = output[ctr - (uint32_t)1U]; 1615 output[ctr] = z; 1616@@ -109,13 +114,15 @@ 1617 static void 1618 Hacl_Bignum_Fmul_mul_shift_reduce_(uint64_t *output, uint32_t *input, uint32_t *input2) 1619 { 1620- for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { 1621+ uint32_t i; 1622+ uint32_t input2i; 1623+ for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { 1624 uint32_t input2i = input2[i]; 1625 Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); 1626 Hacl_Bignum_Fmul_shift_reduce(input); 1627 } 1628- uint32_t i = (uint32_t)4U; 1629- uint32_t input2i = input2[i]; 1630+ i = (uint32_t)4U; 1631+ input2i = input2[i]; 1632 Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); 1633 } 1634 1635@@ -123,16 +130,20 @@ 1636 Hacl_Bignum_Fmul_fmul(uint32_t *output, uint32_t *input, uint32_t *input2) 1637 { 1638 uint32_t tmp[5U] = { 0U }; 1639- memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); 1640 uint64_t t[5U] = { 0U }; 1641+ uint32_t i0; 1642+ uint32_t i1; 1643+ uint32_t i0_; 1644+ uint32_t i1_; 1645+ memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); 1646 Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); 1647 Hacl_Bignum_Fproduct_carry_wide_(t); 1648 Hacl_Bignum_Modulo_carry_top_wide(t); 1649 Hacl_Bignum_Fproduct_copy_from_wide_(output, t); 1650- uint32_t i0 = output[0U]; 1651- uint32_t i1 = output[1U]; 1652- uint32_t i0_ = i0 & (uint32_t)0x3ffffffU; 1653- uint32_t i1_ = i1 + (i0 >> (uint32_t)26U); 1654+ i0 = output[0U]; 1655+ i1 = output[1U]; 1656+ i0_ = i0 & (uint32_t)0x3ffffffU; 1657+ i1_ = i1 + (i0 >> (uint32_t)26U); 1658 output[0U] = i0_; 1659 output[1U] = i1_; 1660 } 1661@@ -140,7 +151,8 @@ 1662 inline static void 1663 Hacl_Bignum_AddAndMultiply_add_and_multiply(uint32_t *acc, uint32_t *block, uint32_t *r) 1664 { 1665- for (uint32_t i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { 1666+ uint32_t i; 1667+ for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { 1668 uint32_t xi = acc[i]; 1669 uint32_t yi = block[i]; 1670 acc[i] = xi + yi; 1671@@ -175,13 +187,15 @@ 1672 uint32_t r2 = i2 >> (uint32_t)4U & (uint32_t)0x3ffffffU; 1673 uint32_t r3 = i3 >> (uint32_t)6U & (uint32_t)0x3ffffffU; 1674 uint32_t r4 = i4 >> (uint32_t)8U; 1675+ uint32_t b4; 1676+ uint32_t b4_; 1677 tmp[0U] = r0; 1678 tmp[1U] = r1; 1679 tmp[2U] = r2; 1680 tmp[3U] = r3; 1681 tmp[4U] = r4; 1682- uint32_t b4 = tmp[4U]; 1683- uint32_t b4_ = (uint32_t)0x1000000U | b4; 1684+ b4 = tmp[4U]; 1685+ b4_ = (uint32_t)0x1000000U | b4; 1686 tmp[4U] = b4_; 1687 Hacl_Bignum_AddAndMultiply_add_and_multiply(acc, tmp, r5); 1688 } 1689@@ -209,15 +223,19 @@ 1690 uint32_t r2 = i2 >> (uint32_t)4U & (uint32_t)0x3ffffffU; 1691 uint32_t r3 = i3 >> (uint32_t)6U & (uint32_t)0x3ffffffU; 1692 uint32_t r4 = i4 >> (uint32_t)8U; 1693+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut0; 1694+ uint32_t *h; 1695+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut; 1696+ uint32_t *r; 1697 tmp[0U] = r0; 1698 tmp[1U] = r1; 1699 tmp[2U] = r2; 1700 tmp[3U] = r3; 1701 tmp[4U] = r4; 1702- Hacl_Impl_Poly1305_32_State_poly1305_state scrut0 = st; 1703- uint32_t *h = scrut0.h; 1704- Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; 1705- uint32_t *r = scrut.r; 1706+ scrut0 = st; 1707+ h = scrut0.h; 1708+ scrut = st; 1709+ r = scrut.r; 1710 Hacl_Bignum_AddAndMultiply_add_and_multiply(h, tmp, r); 1711 } 1712 1713@@ -228,12 +246,15 @@ 1714 uint64_t rem_) 1715 { 1716 uint8_t zero1 = (uint8_t)0U; 1717- KRML_CHECK_SIZE(zero1, (uint32_t)16U); 1718 uint8_t block[16U]; 1719- for (uint32_t _i = 0U; _i < (uint32_t)16U; ++_i) 1720+ uint32_t _i; 1721+ uint32_t i0; 1722+ uint32_t i; 1723+ KRML_CHECK_SIZE(zero1, (uint32_t)16U); 1724+ for (_i = 0U; _i < (uint32_t)16U; ++_i) 1725 block[_i] = zero1; 1726- uint32_t i0 = (uint32_t)rem_; 1727- uint32_t i = (uint32_t)rem_; 1728+ i0 = (uint32_t)rem_; 1729+ i = (uint32_t)rem_; 1730 memcpy(block, m, i * sizeof m[0U]); 1731 block[i0] = (uint8_t)1U; 1732 Hacl_Impl_Poly1305_32_poly1305_process_last_block_(block, st, m, rem_); 1733@@ -242,69 +263,116 @@ 1734 static void 1735 Hacl_Impl_Poly1305_32_poly1305_last_pass(uint32_t *acc) 1736 { 1737+ uint32_t t0; 1738+ uint32_t t10; 1739+ uint32_t t20; 1740+ uint32_t t30; 1741+ uint32_t t40; 1742+ uint32_t t1_; 1743+ uint32_t mask_261; 1744+ uint32_t t0_; 1745+ uint32_t t2_; 1746+ uint32_t t1__; 1747+ uint32_t t3_; 1748+ uint32_t t2__; 1749+ uint32_t t4_; 1750+ uint32_t t3__; 1751+ uint32_t t00; 1752+ uint32_t t1; 1753+ uint32_t t2; 1754+ uint32_t t3; 1755+ uint32_t t4; 1756+ uint32_t t1_0; 1757+ uint32_t t0_0; 1758+ uint32_t t2_0; 1759+ uint32_t t1__0; 1760+ uint32_t t3_0; 1761+ uint32_t t2__0; 1762+ uint32_t t4_0; 1763+ uint32_t t3__0; 1764+ uint32_t i0; 1765+ uint32_t i1; 1766+ uint32_t i0_; 1767+ uint32_t i1_; 1768+ uint32_t a0; 1769+ uint32_t a1; 1770+ uint32_t a2; 1771+ uint32_t a3; 1772+ uint32_t a4; 1773+ uint32_t mask0; 1774+ uint32_t mask1; 1775+ uint32_t mask2; 1776+ uint32_t mask3; 1777+ uint32_t mask4; 1778+ uint32_t mask; 1779+ uint32_t a0_; 1780+ uint32_t a1_; 1781+ uint32_t a2_; 1782+ uint32_t a3_; 1783+ uint32_t a4_; 1784 Hacl_Bignum_Fproduct_carry_limb_(acc); 1785 Hacl_Bignum_Modulo_carry_top(acc); 1786- uint32_t t0 = acc[0U]; 1787- uint32_t t10 = acc[1U]; 1788- uint32_t t20 = acc[2U]; 1789- uint32_t t30 = acc[3U]; 1790- uint32_t t40 = acc[4U]; 1791- uint32_t t1_ = t10 + (t0 >> (uint32_t)26U); 1792- uint32_t mask_261 = (uint32_t)0x3ffffffU; 1793- uint32_t t0_ = t0 & mask_261; 1794- uint32_t t2_ = t20 + (t1_ >> (uint32_t)26U); 1795- uint32_t t1__ = t1_ & mask_261; 1796- uint32_t t3_ = t30 + (t2_ >> (uint32_t)26U); 1797- uint32_t t2__ = t2_ & mask_261; 1798- uint32_t t4_ = t40 + (t3_ >> (uint32_t)26U); 1799- uint32_t t3__ = t3_ & mask_261; 1800+ t0 = acc[0U]; 1801+ t10 = acc[1U]; 1802+ t20 = acc[2U]; 1803+ t30 = acc[3U]; 1804+ t40 = acc[4U]; 1805+ t1_ = t10 + (t0 >> (uint32_t)26U); 1806+ mask_261 = (uint32_t)0x3ffffffU; 1807+ t0_ = t0 & mask_261; 1808+ t2_ = t20 + (t1_ >> (uint32_t)26U); 1809+ t1__ = t1_ & mask_261; 1810+ t3_ = t30 + (t2_ >> (uint32_t)26U); 1811+ t2__ = t2_ & mask_261; 1812+ t4_ = t40 + (t3_ >> (uint32_t)26U); 1813+ t3__ = t3_ & mask_261; 1814 acc[0U] = t0_; 1815 acc[1U] = t1__; 1816 acc[2U] = t2__; 1817 acc[3U] = t3__; 1818 acc[4U] = t4_; 1819 Hacl_Bignum_Modulo_carry_top(acc); 1820- uint32_t t00 = acc[0U]; 1821- uint32_t t1 = acc[1U]; 1822- uint32_t t2 = acc[2U]; 1823- uint32_t t3 = acc[3U]; 1824- uint32_t t4 = acc[4U]; 1825- uint32_t t1_0 = t1 + (t00 >> (uint32_t)26U); 1826- uint32_t t0_0 = t00 & (uint32_t)0x3ffffffU; 1827- uint32_t t2_0 = t2 + (t1_0 >> (uint32_t)26U); 1828- uint32_t t1__0 = t1_0 & (uint32_t)0x3ffffffU; 1829- uint32_t t3_0 = t3 + (t2_0 >> (uint32_t)26U); 1830- uint32_t t2__0 = t2_0 & (uint32_t)0x3ffffffU; 1831- uint32_t t4_0 = t4 + (t3_0 >> (uint32_t)26U); 1832- uint32_t t3__0 = t3_0 & (uint32_t)0x3ffffffU; 1833+ t00 = acc[0U]; 1834+ t1 = acc[1U]; 1835+ t2 = acc[2U]; 1836+ t3 = acc[3U]; 1837+ t4 = acc[4U]; 1838+ t1_0 = t1 + (t00 >> (uint32_t)26U); 1839+ t0_0 = t00 & (uint32_t)0x3ffffffU; 1840+ t2_0 = t2 + (t1_0 >> (uint32_t)26U); 1841+ t1__0 = t1_0 & (uint32_t)0x3ffffffU; 1842+ t3_0 = t3 + (t2_0 >> (uint32_t)26U); 1843+ t2__0 = t2_0 & (uint32_t)0x3ffffffU; 1844+ t4_0 = t4 + (t3_0 >> (uint32_t)26U); 1845+ t3__0 = t3_0 & (uint32_t)0x3ffffffU; 1846 acc[0U] = t0_0; 1847 acc[1U] = t1__0; 1848 acc[2U] = t2__0; 1849 acc[3U] = t3__0; 1850 acc[4U] = t4_0; 1851 Hacl_Bignum_Modulo_carry_top(acc); 1852- uint32_t i0 = acc[0U]; 1853- uint32_t i1 = acc[1U]; 1854- uint32_t i0_ = i0 & (uint32_t)0x3ffffffU; 1855- uint32_t i1_ = i1 + (i0 >> (uint32_t)26U); 1856+ i0 = acc[0U]; 1857+ i1 = acc[1U]; 1858+ i0_ = i0 & (uint32_t)0x3ffffffU; 1859+ i1_ = i1 + (i0 >> (uint32_t)26U); 1860 acc[0U] = i0_; 1861 acc[1U] = i1_; 1862- uint32_t a0 = acc[0U]; 1863- uint32_t a1 = acc[1U]; 1864- uint32_t a2 = acc[2U]; 1865- uint32_t a3 = acc[3U]; 1866- uint32_t a4 = acc[4U]; 1867- uint32_t mask0 = FStar_UInt32_gte_mask(a0, (uint32_t)0x3fffffbU); 1868- uint32_t mask1 = FStar_UInt32_eq_mask(a1, (uint32_t)0x3ffffffU); 1869- uint32_t mask2 = FStar_UInt32_eq_mask(a2, (uint32_t)0x3ffffffU); 1870- uint32_t mask3 = FStar_UInt32_eq_mask(a3, (uint32_t)0x3ffffffU); 1871- uint32_t mask4 = FStar_UInt32_eq_mask(a4, (uint32_t)0x3ffffffU); 1872- uint32_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4; 1873- uint32_t a0_ = a0 - ((uint32_t)0x3fffffbU & mask); 1874- uint32_t a1_ = a1 - ((uint32_t)0x3ffffffU & mask); 1875- uint32_t a2_ = a2 - ((uint32_t)0x3ffffffU & mask); 1876- uint32_t a3_ = a3 - ((uint32_t)0x3ffffffU & mask); 1877- uint32_t a4_ = a4 - ((uint32_t)0x3ffffffU & mask); 1878+ a0 = acc[0U]; 1879+ a1 = acc[1U]; 1880+ a2 = acc[2U]; 1881+ a3 = acc[3U]; 1882+ a4 = acc[4U]; 1883+ mask0 = FStar_UInt32_gte_mask(a0, (uint32_t)0x3fffffbU); 1884+ mask1 = FStar_UInt32_eq_mask(a1, (uint32_t)0x3ffffffU); 1885+ mask2 = FStar_UInt32_eq_mask(a2, (uint32_t)0x3ffffffU); 1886+ mask3 = FStar_UInt32_eq_mask(a3, (uint32_t)0x3ffffffU); 1887+ mask4 = FStar_UInt32_eq_mask(a4, (uint32_t)0x3ffffffU); 1888+ mask = (((mask0 & mask1) & mask2) & mask3) & mask4; 1889+ a0_ = a0 - ((uint32_t)0x3fffffbU & mask); 1890+ a1_ = a1 - ((uint32_t)0x3ffffffU & mask); 1891+ a2_ = a2 - ((uint32_t)0x3ffffffU & mask); 1892+ a3_ = a3 - ((uint32_t)0x3ffffffU & mask); 1893+ a4_ = a4 - ((uint32_t)0x3ffffffU & mask); 1894 acc[0U] = a0_; 1895 acc[1U] = a1_; 1896 acc[2U] = a2_; 1897@@ -315,7 +383,10 @@ 1898 static Hacl_Impl_Poly1305_32_State_poly1305_state 1899 Hacl_Impl_Poly1305_32_mk_state(uint32_t *r, uint32_t *h) 1900 { 1901- return ((Hacl_Impl_Poly1305_32_State_poly1305_state){.r = r, .h = h }); 1902+ Hacl_Impl_Poly1305_32_State_poly1305_state ret; 1903+ ret.r = r; 1904+ ret.h = h; 1905+ return (ret); 1906 } 1907 1908 static void 1909@@ -327,8 +398,9 @@ 1910 if (!(len1 == (uint64_t)0U)) { 1911 uint8_t *block = m; 1912 uint8_t *tail1 = m + (uint32_t)16U; 1913+ uint64_t len2; 1914 Hacl_Impl_Poly1305_32_poly1305_update(st, block); 1915- uint64_t len2 = len1 - (uint64_t)1U; 1916+ len2 = len1 - (uint64_t)1U; 1917 Hacl_Standalone_Poly1305_32_poly1305_blocks(st, tail1, len2); 1918 } 1919 } 1920@@ -363,14 +435,17 @@ 1921 uint32_t 1922 r4 = 1923 (uint32_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(k_clamped, (uint32_t)104U)) & (uint32_t)0x3ffffffU; 1924+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut0; 1925+ uint32_t *h; 1926+ uint32_t *x00; 1927 x0[0U] = r0; 1928 x0[1U] = r1; 1929 x0[2U] = r2; 1930 x0[3U] = r3; 1931 x0[4U] = r4; 1932- Hacl_Impl_Poly1305_32_State_poly1305_state scrut0 = st; 1933- uint32_t *h = scrut0.h; 1934- uint32_t *x00 = h; 1935+ scrut0 = st; 1936+ h = scrut0.h; 1937+ x00 = h; 1938 x00[0U] = (uint32_t)0U; 1939 x00[1U] = (uint32_t)0U; 1940 x00[2U] = (uint32_t)0U; 1941@@ -391,12 +466,15 @@ 1942 uint64_t rem16 = len1 & (uint64_t)0xfU; 1943 uint8_t *part_input = m; 1944 uint8_t *last_block = m + (uint32_t)((uint64_t)16U * len16); 1945+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut; 1946+ uint32_t *h; 1947+ uint32_t *acc; 1948 Hacl_Standalone_Poly1305_32_poly1305_partial(st, part_input, len16, kr); 1949 if (!(rem16 == (uint64_t)0U)) 1950 Hacl_Impl_Poly1305_32_poly1305_process_last_block(st, last_block, rem16); 1951- Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; 1952- uint32_t *h = scrut.h; 1953- uint32_t *acc = h; 1954+ scrut = st; 1955+ h = scrut.h; 1956+ acc = h; 1957 Hacl_Impl_Poly1305_32_poly1305_last_pass(acc); 1958 } 1959 1960@@ -410,20 +488,31 @@ 1961 uint32_t buf[10U] = { 0U }; 1962 uint32_t *r = buf; 1963 uint32_t *h = buf + (uint32_t)5U; 1964+ uint8_t *key_s; 1965+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut; 1966+ uint32_t *h5; 1967+ uint32_t *acc; 1968+ FStar_UInt128_t k_; 1969+ uint32_t h0; 1970+ uint32_t h1; 1971+ uint32_t h2; 1972+ uint32_t h3; 1973+ uint32_t h4; 1974+ FStar_UInt128_t acc_; 1975+ FStar_UInt128_t mac_; 1976 Hacl_Impl_Poly1305_32_State_poly1305_state st = Hacl_Impl_Poly1305_32_mk_state(r, h); 1977- uint8_t *key_s = k1 + (uint32_t)16U; 1978+ key_s = k1 + (uint32_t)16U; 1979 Hacl_Standalone_Poly1305_32_poly1305_complete(st, input, len1, k1); 1980- Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; 1981- uint32_t *h5 = scrut.h; 1982- uint32_t *acc = h5; 1983- FStar_UInt128_t k_ = load128_le(key_s); 1984- uint32_t h0 = acc[0U]; 1985- uint32_t h1 = acc[1U]; 1986- uint32_t h2 = acc[2U]; 1987- uint32_t h3 = acc[3U]; 1988- uint32_t h4 = acc[4U]; 1989- FStar_UInt128_t 1990- acc_ = 1991+ scrut = st; 1992+ h5 = scrut.h; 1993+ acc = h5; 1994+ k_ = load128_le(key_s); 1995+ h0 = acc[0U]; 1996+ h1 = acc[1U]; 1997+ h2 = acc[2U]; 1998+ h3 = acc[3U]; 1999+ h4 = acc[4U]; 2000+ acc_ = 2001 FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)h4), 2002 (uint32_t)104U), 2003 FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)h3), 2004@@ -433,7 +522,7 @@ 2005 FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)h1), 2006 (uint32_t)26U), 2007 FStar_UInt128_uint64_to_uint128((uint64_t)h0))))); 2008- FStar_UInt128_t mac_ = FStar_UInt128_add_mod(acc_, k_); 2009+ mac_ = FStar_UInt128_add_mod(acc_, k_); 2010 store128_le(output, mac_); 2011 } 2012 2013@@ -485,14 +574,17 @@ 2014 uint32_t 2015 r4 = 2016 (uint32_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(k_clamped, (uint32_t)104U)) & (uint32_t)0x3ffffffU; 2017+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut0; 2018+ uint32_t *h; 2019+ uint32_t *x00; 2020 x0[0U] = r0; 2021 x0[1U] = r1; 2022 x0[2U] = r2; 2023 x0[3U] = r3; 2024 x0[4U] = r4; 2025- Hacl_Impl_Poly1305_32_State_poly1305_state scrut0 = st; 2026- uint32_t *h = scrut0.h; 2027- uint32_t *x00 = h; 2028+ scrut0 = st; 2029+ h = scrut0.h; 2030+ x00 = h; 2031 x00[0U] = (uint32_t)0U; 2032 x00[1U] = (uint32_t)0U; 2033 x00[2U] = (uint32_t)0U; 2034@@ -529,11 +621,14 @@ 2035 uint8_t *m, 2036 uint32_t len1) 2037 { 2038+ Hacl_Impl_Poly1305_32_State_poly1305_state scrut; 2039+ uint32_t *h; 2040+ uint32_t *acc; 2041 if (!((uint64_t)len1 == (uint64_t)0U)) 2042 Hacl_Impl_Poly1305_32_poly1305_process_last_block(st, m, (uint64_t)len1); 2043- Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; 2044- uint32_t *h = scrut.h; 2045- uint32_t *acc = h; 2046+ scrut = st; 2047+ h = scrut.h; 2048+ acc = h; 2049 Hacl_Impl_Poly1305_32_poly1305_last_pass(acc); 2050 } 2051 2052diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.h misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.h 2053--- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.h 2018-08-31 05:55:53.000000000 -0700 2054+++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.h 2018-10-22 00:11:45.152423000 -0700 2055@@ -13,6 +13,7 @@ 2056 * limitations under the License. 2057 */ 2058 2059+#include "secport.h" 2060 #include "kremlib.h" 2061 #ifndef __Hacl_Poly1305_32_H 2062 #define __Hacl_Poly1305_32_H 2063diff -ur misc/nss-3.39/nss/lib/freebl/verified/kremlib_base.h misc/build/nss-3.39/nss/lib/freebl/verified/kremlib_base.h 2064--- misc/nss-3.39/nss/lib/freebl/verified/kremlib_base.h 2018-08-31 05:55:53.000000000 -0700 2065+++ misc/build/nss-3.39/nss/lib/freebl/verified/kremlib_base.h 2018-10-21 20:56:12.848112000 -0700 2066@@ -16,9 +16,26 @@ 2067 #ifndef __KREMLIB_BASE_H 2068 #define __KREMLIB_BASE_H 2069 2070-#include <inttypes.h> 2071+#if defined(_MSC_VER) && _MSC_VER < 1800 2072+ #define PRIx8 "x" 2073+ #define PRIx16 "x" 2074+ #define PRIx32 "x" 2075+ #ifdef _WIN64 2076+ #define PRIx64 "lx" 2077+ #else 2078+ #define PRIx64 "llx" 2079+ #endif 2080+#else 2081+ #include <inttypes.h> 2082+#endif 2083 #include <limits.h> 2084-#include <stdbool.h> 2085+#if defined(_MSC_VER) && _MSC_VER < 1600 2086+ #define false 0 2087+ #define true 1 2088+typedef int bool; 2089+#else 2090+ #include <stdbool.h> 2091+#endif 2092 #include <stdio.h> 2093 #include <stdlib.h> 2094 #include <string.h> 2095@@ -47,6 +64,9 @@ 2096 2097 #ifdef __GNUC__ 2098 #define inline __inline__ 2099+#endif 2100+#if defined(_MSC_VER) 2101+#define inline __inline 2102 #endif 2103 2104 /* GCC-specific attribute syntax; everyone else gets the standard C inline 2105diff -ur misc/nss-3.39/nss/lib/pk11wrap/pk11skey.c misc/build/nss-3.39/nss/lib/pk11wrap/pk11skey.c 2106--- misc/nss-3.39/nss/lib/pk11wrap/pk11skey.c 2018-08-31 05:55:53.000000000 -0700 2107+++ misc/build/nss-3.39/nss/lib/pk11wrap/pk11skey.c 2018-10-22 01:25:27.313788000 -0700 2108@@ -2217,12 +2217,13 @@ 2109 /* old PKCS #11 spec was ambiguous on what needed to be passed, 2110 * try this again with an encoded public key */ 2111 if (crv != CKR_OK) { 2112+ SECItem *pubValue; 2113 /* For curves that only use X as public value and no encoding we don't 2114 * have to try again. (Currently only Curve25519) */ 2115 if (pk11_ECGetPubkeyEncoding(pubKey) == ECPoint_XOnly) { 2116 goto loser; 2117 } 2118- SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL, 2119+ pubValue = SEC_ASN1EncodeItem(NULL, NULL, 2120 &pubKey->u.ec.publicValue, 2121 SEC_ASN1_GET(SEC_OctetStringTemplate)); 2122 if (pubValue == NULL) { 2123diff -ur misc/nss-3.39/nss/lib/pkcs7/p7create.c misc/build/nss-3.39/nss/lib/pkcs7/p7create.c 2124--- misc/nss-3.39/nss/lib/pkcs7/p7create.c 2018-08-31 05:55:53.000000000 -0700 2125+++ misc/build/nss-3.39/nss/lib/pkcs7/p7create.c 2018-10-22 10:00:01.127657000 -0700 2126@@ -1263,6 +1263,7 @@ 2127 SECAlgorithmID *algid; 2128 SEC_PKCS7EncryptedData *enc_data; 2129 SECStatus rv; 2130+ SECAlgorithmID *pbe_algid; 2131 2132 PORT_Assert(SEC_PKCS5IsAlgorithmPBEAlgTag(pbe_algorithm)); 2133 2134@@ -1274,7 +1275,6 @@ 2135 enc_data = cinfo->content.encryptedData; 2136 algid = &(enc_data->encContentInfo.contentEncAlg); 2137 2138- SECAlgorithmID *pbe_algid; 2139 pbe_algid = PK11_CreatePBEV2AlgorithmID(pbe_algorithm, 2140 cipher_algorithm, 2141 prf_algorithm, 2142diff -ur misc/nss-3.39/nss/lib/softoken/pkcs11c.c misc/build/nss-3.39/nss/lib/softoken/pkcs11c.c 2143--- misc/nss-3.39/nss/lib/softoken/pkcs11c.c 2018-08-31 05:55:53.000000000 -0700 2144+++ misc/build/nss-3.39/nss/lib/softoken/pkcs11c.c 2018-10-22 01:08:34.274286000 -0700 2145@@ -5125,8 +5125,9 @@ 2146 crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT, 2147 sftk_item_expand(&ecPriv->publicValue)); 2148 } else { 2149+ SECItem *pubValue; 2150 PORT_FreeArena(ecParams->arena, PR_TRUE); 2151- SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL, 2152+ pubValue = SEC_ASN1EncodeItem(NULL, NULL, 2153 &ecPriv->publicValue, 2154 SEC_ASN1_GET(SEC_OctetStringTemplate)); 2155 if (!pubValue) { 2156diff -ur misc/nss-3.39/nss/lib/softoken/sdb.c misc/build/nss-3.39/nss/lib/softoken/sdb.c 2157--- misc/nss-3.39/nss/lib/softoken/sdb.c 2018-08-31 05:55:53.000000000 -0700 2158+++ misc/build/nss-3.39/nss/lib/softoken/sdb.c 2018-10-22 01:18:14.220773000 -0700 2159@@ -206,12 +206,13 @@ 2160 sdb_chmod(const char *filename, int pmode) 2161 { 2162 int result; 2163+ wchar_t *filenameWide; 2164 2165 if (!filename) { 2166 return -1; 2167 } 2168 2169- wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename); 2170+ filenameWide = _NSSUTIL_UTF8ToWide(filename); 2171 if (!filenameWide) { 2172 return -1; 2173 } 2174diff -ur misc/nss-3.39/nss/lib/ssl/dtls13con.c misc/build/nss-3.39/nss/lib/ssl/dtls13con.c 2175--- misc/nss-3.39/nss/lib/ssl/dtls13con.c 2018-08-31 05:55:53.000000000 -0700 2176+++ misc/build/nss-3.39/nss/lib/ssl/dtls13con.c 2018-10-22 01:31:19.795730000 -0700 2177@@ -64,7 +64,7 @@ 2178 } DTLSHandshakeRecordEntry; 2179 2180 /* Combine the epoch and sequence number into a single value. */ 2181-static inline sslSequenceNumber 2182+static __inline sslSequenceNumber 2183 dtls_CombineSequenceNumber(DTLSEpoch epoch, sslSequenceNumber seqNum) 2184 { 2185 PORT_Assert(seqNum <= RECORD_SEQ_MAX); 2186diff -ur misc/nss-3.39/nss/lib/ssl/selfencrypt.c misc/build/nss-3.39/nss/lib/ssl/selfencrypt.c 2187--- misc/nss-3.39/nss/lib/ssl/selfencrypt.c 2018-08-31 05:55:53.000000000 -0700 2188+++ misc/build/nss-3.39/nss/lib/ssl/selfencrypt.c 2018-10-22 03:36:02.726686000 -0700 2189@@ -193,6 +193,14 @@ 2190 PRUint8 *out, unsigned int *outLen, unsigned int maxOutLen) 2191 { 2192 sslReader reader = SSL_READER(in, inLen); 2193+ sslReadBuffer ivBuffer = { 0 }; 2194+ PRUint64 cipherTextLen = 0; 2195+ sslReadBuffer cipherTextBuffer = { 0 }; 2196+ unsigned int bytesToMac; 2197+ sslReadBuffer encodedMacBuffer = { 0 }; 2198+ unsigned char computedMac[SHA256_LENGTH]; 2199+ unsigned int computedMacLen = 0; 2200+ SECItem ivItem = { siBuffer, (unsigned char *)ivBuffer.buf, AES_BLOCK_SIZE }; 2201 2202 sslReadBuffer encodedKeyNameBuffer = { 0 }; 2203 SECStatus rv = sslRead_Read(&reader, SELF_ENCRYPT_KEY_NAME_LEN, 2204@@ -201,26 +209,22 @@ 2205 return SECFailure; 2206 } 2207 2208- sslReadBuffer ivBuffer = { 0 }; 2209 rv = sslRead_Read(&reader, AES_BLOCK_SIZE, &ivBuffer); 2210 if (rv != SECSuccess) { 2211 return SECFailure; 2212 } 2213 2214- PRUint64 cipherTextLen = 0; 2215 rv = sslRead_ReadNumber(&reader, 2, &cipherTextLen); 2216 if (rv != SECSuccess) { 2217 return SECFailure; 2218 } 2219 2220- sslReadBuffer cipherTextBuffer = { 0 }; 2221 rv = sslRead_Read(&reader, (unsigned int)cipherTextLen, &cipherTextBuffer); 2222 if (rv != SECSuccess) { 2223 return SECFailure; 2224 } 2225- unsigned int bytesToMac = reader.offset; 2226+ bytesToMac = reader.offset; 2227 2228- sslReadBuffer encodedMacBuffer = { 0 }; 2229 rv = sslRead_Read(&reader, SHA256_LENGTH, &encodedMacBuffer); 2230 if (rv != SECSuccess) { 2231 return SECFailure; 2232@@ -240,8 +244,6 @@ 2233 } 2234 2235 /* 2. Check the MAC */ 2236- unsigned char computedMac[SHA256_LENGTH]; 2237- unsigned int computedMacLen = 0; 2238 rv = ssl_MacBuffer(macKey, CKM_SHA256_HMAC, in, bytesToMac, 2239 computedMac, &computedMacLen, sizeof(computedMac)); 2240 if (rv != SECSuccess) { 2241@@ -254,7 +256,6 @@ 2242 } 2243 2244 /* 3. OK, it verifies, now decrypt. */ 2245- SECItem ivItem = { siBuffer, (unsigned char *)ivBuffer.buf, AES_BLOCK_SIZE }; 2246 rv = PK11_Decrypt(encKey, CKM_AES_CBC_PAD, &ivItem, 2247 out, outLen, maxOutLen, cipherTextBuffer.buf, cipherTextLen); 2248 if (rv != SECSuccess) { 2249diff -ur misc/nss-3.39/nss/lib/ssl/ssl3con.c misc/build/nss-3.39/nss/lib/ssl/ssl3con.c 2250--- misc/nss-3.39/nss/lib/ssl/ssl3con.c 2018-08-31 05:55:53.000000000 -0700 2251+++ misc/build/nss-3.39/nss/lib/ssl/ssl3con.c 2018-10-22 01:44:48.945390000 -0700 2252@@ -5718,6 +5718,7 @@ 2253 SECStatus rv = SECFailure; 2254 SECItem enc_pms = { siBuffer, NULL, 0 }; 2255 PRBool isTLS; 2256+ unsigned int svrPubKeyBits; 2257 2258 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); 2259 PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); 2260@@ -5734,7 +5735,7 @@ 2261 } 2262 2263 /* Get the wrapped (encrypted) pre-master secret, enc_pms */ 2264- unsigned int svrPubKeyBits = SECKEY_PublicKeyStrengthInBits(svrPubKey); 2265+ svrPubKeyBits = SECKEY_PublicKeyStrengthInBits(svrPubKey); 2266 enc_pms.len = (svrPubKeyBits + 7) / 8; 2267 /* Check that the RSA key isn't larger than 8k bit. */ 2268 if (svrPubKeyBits > SSL_MAX_RSA_KEY_BITS) { 2269@@ -8123,6 +8124,7 @@ 2270 ssl_GenerateServerRandom(sslSocket *ss) 2271 { 2272 SECStatus rv = ssl3_GetNewRandom(ss->ssl3.hs.server_random); 2273+ PRUint8 *downgradeSentinel; 2274 if (rv != SECSuccess) { 2275 return SECFailure; 2276 } 2277@@ -8154,7 +8156,7 @@ 2278 * 2279 * 44 4F 57 4E 47 52 44 00 2280 */ 2281- PRUint8 *downgradeSentinel = 2282+ downgradeSentinel = 2283 ss->ssl3.hs.server_random + 2284 SSL3_RANDOM_LENGTH - sizeof(tls13_downgrade_random); 2285 2286@@ -11986,11 +11988,13 @@ 2287 } 2288 2289 for (i = 0; i < toCheck; i++) { 2290+ unsigned char mask; 2291+ unsigned char b; 2292 t = paddingLength - i; 2293 /* If i <= paddingLength then the MSB of t is zero and mask is 2294 * 0xff. Otherwise, mask is 0. */ 2295- unsigned char mask = DUPLICATE_MSB_TO_ALL(~t); 2296- unsigned char b = plaintext->buf[plaintext->len - 1 - i]; 2297+ mask = DUPLICATE_MSB_TO_ALL(~t); 2298+ b = plaintext->buf[plaintext->len - 1 - i]; 2299 /* The final |paddingLength+1| bytes should all have the value 2300 * |paddingLength|. Therefore the XOR should be zero. */ 2301 good &= ~(mask & (paddingLength ^ b)); 2302@@ -12532,6 +12536,7 @@ 2303 } 2304 2305 if (rv != SECSuccess) { 2306+ int errCode; 2307 ssl_ReleaseSpecReadLock(ss); /***************************/ 2308 2309 SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd)); 2310@@ -12562,7 +12567,7 @@ 2311 return SECSuccess; 2312 } 2313 2314- int errCode = PORT_GetError(); 2315+ errCode = PORT_GetError(); 2316 SSL3_SendAlert(ss, alert_fatal, alert); 2317 /* Reset the error code in case SSL3_SendAlert called 2318 * PORT_SetError(). */ 2319diff -ur misc/nss-3.39/nss/lib/ssl/ssl3exthandle.c misc/build/nss-3.39/nss/lib/ssl/ssl3exthandle.c 2320--- misc/nss-3.39/nss/lib/ssl/ssl3exthandle.c 2018-08-31 05:55:53.000000000 -0700 2321+++ misc/build/nss-3.39/nss/lib/ssl/ssl3exthandle.c 2018-10-22 02:03:24.559698000 -0700 2322@@ -1915,6 +1915,8 @@ 2323 sslBuffer *buf, PRBool *added) 2324 { 2325 PRUint32 maxLimit; 2326+ PRUint32 limit; 2327+ SECStatus rv; 2328 if (ss->sec.isServer) { 2329 maxLimit = (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) 2330 ? (MAX_FRAGMENT_LENGTH + 1) 2331@@ -1924,8 +1926,8 @@ 2332 ? (MAX_FRAGMENT_LENGTH + 1) 2333 : MAX_FRAGMENT_LENGTH; 2334 } 2335- PRUint32 limit = PR_MIN(ss->opt.recordSizeLimit, maxLimit); 2336- SECStatus rv = sslBuffer_AppendNumber(buf, limit, 2); 2337+ limit = PR_MIN(ss->opt.recordSizeLimit, maxLimit); 2338+ rv = sslBuffer_AppendNumber(buf, limit, 2); 2339 if (rv != SECSuccess) { 2340 return SECFailure; 2341 } 2342diff -ur misc/nss-3.39/nss/lib/ssl/sslbloom.c misc/build/nss-3.39/nss/lib/ssl/sslbloom.c 2343--- misc/nss-3.39/nss/lib/ssl/sslbloom.c 2018-08-31 05:55:53.000000000 -0700 2344+++ misc/build/nss-3.39/nss/lib/ssl/sslbloom.c 2018-10-22 01:50:48.294197000 -0700 2345@@ -10,7 +10,7 @@ 2346 #include "prnetdb.h" 2347 #include "secport.h" 2348 2349-static inline unsigned int 2350+static __inline unsigned int 2351 sslBloom_Size(unsigned int bits) 2352 { 2353 return (bits >= 3) ? (1 << (bits - 3)) : 1; 2354diff -ur misc/nss-3.39/nss/lib/ssl/sslencode.c misc/build/nss-3.39/nss/lib/ssl/sslencode.c 2355--- misc/nss-3.39/nss/lib/ssl/sslencode.c 2018-08-31 05:55:53.000000000 -0700 2356+++ misc/build/nss-3.39/nss/lib/ssl/sslencode.c 2018-10-22 01:55:55.317356000 -0700 2357@@ -214,6 +214,8 @@ 2358 SECStatus 2359 sslRead_ReadNumber(sslReader *reader, unsigned int bytes, PRUint64 *num) 2360 { 2361+ unsigned int i; 2362+ PRUint64 number = 0; 2363 if (!reader || !num) { 2364 PORT_SetError(SEC_ERROR_INVALID_ARGS); 2365 return SECFailure; 2366@@ -224,8 +226,6 @@ 2367 PORT_SetError(SEC_ERROR_BAD_DATA); 2368 return SECFailure; 2369 } 2370- unsigned int i; 2371- PRUint64 number = 0; 2372 for (i = 0; i < bytes; i++) { 2373 number = (number << 8) + reader->buf.buf[i + reader->offset]; 2374 } 2375diff -ur misc/nss-3.39/nss/lib/ssl/sslnonce.c misc/build/nss-3.39/nss/lib/ssl/sslnonce.c 2376--- misc/nss-3.39/nss/lib/ssl/sslnonce.c 2018-08-31 05:55:53.000000000 -0700 2377+++ misc/build/nss-3.39/nss/lib/ssl/sslnonce.c 2018-10-22 02:55:25.098750000 -0700 2378@@ -439,6 +439,10 @@ 2379 ssl_DecodeResumptionToken(sslSessionID *sid, const PRUint8 *encodedToken, 2380 PRUint32 encodedTokenLen) 2381 { 2382+ sslReader reader; 2383+ PRUint64 tmpInt = 0; 2384+ sslReadBuffer readerBuffer = { 0 }; 2385+ 2386 PORT_Assert(encodedTokenLen); 2387 PORT_Assert(encodedToken); 2388 PORT_Assert(sid); 2389@@ -454,10 +458,11 @@ 2390 } 2391 2392 /* These variables are used across macros. Don't use them outside. */ 2393- sslReader reader = SSL_READER(encodedToken, encodedTokenLen); 2394+ // sslReader reader = SSL_READER(encodedToken, encodedTokenLen); 2395+ reader.buf.buf = encodedToken; 2396+ reader.buf.len = encodedTokenLen; 2397+ reader.offset = 0; 2398 reader.offset += 1; // We read the version already. Skip the first byte. 2399- sslReadBuffer readerBuffer = { 0 }; 2400- PRUint64 tmpInt = 0; 2401 2402 if (sslRead_ReadNumber(&reader, 8, &tmpInt) != SECSuccess) { 2403 return SECFailure; 2404@@ -494,9 +499,13 @@ 2405 return SECFailure; 2406 } 2407 if (readerBuffer.len) { 2408+ SECItem tempItem; 2409 PORT_Assert(!sid->peerCert); 2410- SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, 2411- readerBuffer.len }; 2412+ // tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, 2413+ // readerBuffer.len }; 2414+ tempItem.type = siBuffer; 2415+ tempItem.data = (unsigned char *)readerBuffer.buf; 2416+ tempItem.len = readerBuffer.len; 2417 sid->peerCert = CERT_NewTempCertificate(NULL, /* dbHandle */ 2418 &tempItem, 2419 NULL, PR_FALSE, PR_TRUE); 2420@@ -510,12 +519,16 @@ 2421 return SECFailure; 2422 } 2423 if (readerBuffer.len) { 2424+ SECItem tempItem; 2425 SECITEM_AllocArray(NULL, &sid->peerCertStatus, 1); 2426 if (!sid->peerCertStatus.items) { 2427 return SECFailure; 2428 } 2429- SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, 2430- readerBuffer.len }; 2431+ // SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, 2432+ // readerBuffer.len }; 2433+ tempItem.type = siBuffer; 2434+ tempItem.data = (unsigned char *)readerBuffer.buf; 2435+ tempItem.len = readerBuffer.len; 2436 SECITEM_CopyItem(NULL, &sid->peerCertStatus.items[0], &tempItem); 2437 } 2438 2439@@ -545,9 +558,13 @@ 2440 return SECFailure; 2441 } 2442 if (readerBuffer.len) { 2443+ SECItem tempItem; 2444 PORT_Assert(!sid->localCert); 2445- SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, 2446- readerBuffer.len }; 2447+ //SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, 2448+ // readerBuffer.len }; 2449+ tempItem.type = siBuffer; 2450+ tempItem.data = (unsigned char *)readerBuffer.buf; 2451+ tempItem.len = readerBuffer.len; 2452 sid->localCert = CERT_NewTempCertificate(NULL, /* dbHandle */ 2453 &tempItem, 2454 NULL, PR_FALSE, PR_TRUE); 2455@@ -706,13 +723,15 @@ 2456 PRBool 2457 ssl_IsResumptionTokenValid(sslSocket *ss) 2458 { 2459+ sslSessionID *sid; 2460+ PRTime endTime = 0; 2461+ NewSessionTicket *ticket; 2462 PORT_Assert(ss); 2463- sslSessionID *sid = ss->sec.ci.sid; 2464+ sid = ss->sec.ci.sid; 2465 PORT_Assert(sid); 2466 2467 // Check that the ticket didn't expire. 2468- PRTime endTime = 0; 2469- NewSessionTicket *ticket = &sid->u.ssl3.locked.sessionTicket; 2470+ ticket = &sid->u.ssl3.locked.sessionTicket; 2471 if (ticket->ticket_lifetime_hint != 0) { 2472 endTime = ticket->received_timestamp + 2473 (PRTime)(ticket->ticket_lifetime_hint * PR_USEC_PER_SEC); 2474@@ -746,6 +765,9 @@ 2475 static SECStatus 2476 ssl_EncodeResumptionToken(sslSessionID *sid, sslBuffer *encodedTokenBuf) 2477 { 2478+ SECStatus rv; 2479+ PRUint64 len; 2480+ 2481 PORT_Assert(encodedTokenBuf); 2482 PORT_Assert(sid); 2483 if (!sid || !sid->u.ssl3.locked.sessionTicket.ticket.len || 2484@@ -760,7 +782,7 @@ 2485 * SECItems are prepended with a 64-bit length field followed by the bytes. 2486 * Optional bytes are encoded as a 0-length item if not present. 2487 */ 2488- SECStatus rv = sslBuffer_AppendNumber(encodedTokenBuf, 2489+ rv = sslBuffer_AppendNumber(encodedTokenBuf, 2490 SSLResumptionTokenVersion, 1); 2491 if (rv != SECSuccess) { 2492 return SECFailure; 2493@@ -843,7 +865,7 @@ 2494 } 2495 } 2496 2497- PRUint64 len = sid->peerID ? strlen(sid->peerID) : 0; 2498+ len = sid->peerID ? strlen(sid->peerID) : 0; 2499 if (len > PR_UINT8_MAX) { 2500 // This string really shouldn't be that long. 2501 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); 2502@@ -1052,8 +1074,11 @@ 2503 void 2504 ssl_CacheExternalToken(sslSocket *ss) 2505 { 2506+ sslSessionID *sid; 2507+ sslBuffer encodedToken = SSL_BUFFER_EMPTY; 2508+ 2509 PORT_Assert(ss); 2510- sslSessionID *sid = ss->sec.ci.sid; 2511+ sid = ss->sec.ci.sid; 2512 PORT_Assert(sid); 2513 PORT_Assert(sid->cached == never_cached); 2514 PORT_Assert(ss->resumptionTokenCallback); 2515@@ -1083,8 +1108,6 @@ 2516 sid->expirationTime = sid->creationTime + ssl3_sid_timeout; 2517 } 2518 2519- sslBuffer encodedToken = SSL_BUFFER_EMPTY; 2520- 2521 if (ssl_EncodeResumptionToken(sid, &encodedToken) != SECSuccess) { 2522 SSL_TRC(3, ("SSL [%d]: encoding resumption token failed", ss->fd)); 2523 return; 2524@@ -1127,11 +1150,12 @@ 2525 void 2526 ssl_UncacheSessionID(sslSocket *ss) 2527 { 2528+ sslSecurityInfo *sec; 2529 if (ss->opt.noCache) { 2530 return; 2531 } 2532 2533- sslSecurityInfo *sec = &ss->sec; 2534+ sec = &ss->sec; 2535 PORT_Assert(sec); 2536 2537 if (sec->ci.sid) { 2538diff -ur misc/nss-3.39/nss/lib/ssl/sslsnce.c misc/build/nss-3.39/nss/lib/ssl/sslsnce.c 2539--- misc/nss-3.39/nss/lib/ssl/sslsnce.c 2018-08-31 05:55:53.000000000 -0700 2540+++ misc/build/nss-3.39/nss/lib/ssl/sslsnce.c 2018-10-22 03:10:53.707928000 -0700 2541@@ -732,11 +732,11 @@ 2542 void 2543 ssl_ServerCacheSessionID(sslSessionID *sid) 2544 { 2545- PORT_Assert(sid); 2546- 2547 sidCacheEntry sce; 2548 PRUint32 now = 0; 2549 cacheDesc *cache = &globalCache; 2550+ 2551+ PORT_Assert(sid); 2552 2553 if (sid->u.ssl3.sessionIDLength == 0) { 2554 return; 2555diff -ur misc/nss-3.39/nss/lib/ssl/sslsock.c misc/build/nss-3.39/nss/lib/ssl/sslsock.c 2556--- misc/nss-3.39/nss/lib/ssl/sslsock.c 2018-08-31 05:55:53.000000000 -0700 2557+++ misc/build/nss-3.39/nss/lib/ssl/sslsock.c 2018-10-22 03:26:21.638950000 -0700 2558@@ -53,38 +53,38 @@ 2559 ** default settings for socket enables 2560 */ 2561 static sslOptions ssl_defaults = { 2562- .nextProtoNego = { siBuffer, NULL, 0 }, 2563- .maxEarlyDataSize = 1 << 16, 2564- .recordSizeLimit = MAX_FRAGMENT_LENGTH + 1, 2565- .useSecurity = PR_TRUE, 2566- .useSocks = PR_FALSE, 2567- .requestCertificate = PR_FALSE, 2568- .requireCertificate = SSL_REQUIRE_FIRST_HANDSHAKE, 2569- .handshakeAsClient = PR_FALSE, 2570- .handshakeAsServer = PR_FALSE, 2571- .noCache = PR_FALSE, 2572- .fdx = PR_FALSE, 2573- .detectRollBack = PR_TRUE, 2574- .noLocks = PR_FALSE, 2575- .enableSessionTickets = PR_FALSE, 2576- .enableDeflate = PR_FALSE, 2577- .enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN, 2578- .requireSafeNegotiation = PR_FALSE, 2579- .enableFalseStart = PR_FALSE, 2580- .cbcRandomIV = PR_TRUE, 2581- .enableOCSPStapling = PR_FALSE, 2582- .enableALPN = PR_TRUE, 2583- .reuseServerECDHEKey = PR_TRUE, 2584- .enableFallbackSCSV = PR_FALSE, 2585- .enableServerDhe = PR_TRUE, 2586- .enableExtendedMS = PR_FALSE, 2587- .enableSignedCertTimestamps = PR_FALSE, 2588- .requireDHENamedGroups = PR_FALSE, 2589- .enable0RttData = PR_FALSE, 2590- .enableTls13CompatMode = PR_FALSE, 2591- .enableDtlsShortHeader = PR_FALSE, 2592- .enableHelloDowngradeCheck = PR_FALSE, 2593- .enableV2CompatibleHello = PR_FALSE 2594+ /* .nextProtoNego = */ { siBuffer, NULL, 0 }, 2595+ /* .recordSizeLimit = */ MAX_FRAGMENT_LENGTH + 1, 2596+ /* .maxEarlyDataSize = */ 1 << 16, 2597+ /* .useSecurity = */ PR_TRUE, 2598+ /* .useSocks = */ PR_FALSE, 2599+ /* .requestCertificate = */ PR_FALSE, 2600+ /* .requireCertificate = */ SSL_REQUIRE_FIRST_HANDSHAKE, 2601+ /* .handshakeAsClient = */ PR_FALSE, 2602+ /* .handshakeAsServer = */ PR_FALSE, 2603+ /* .noCache = */ PR_FALSE, 2604+ /* .fdx = */ PR_FALSE, 2605+ /* .detectRollBack = */ PR_TRUE, 2606+ /* .noLocks = */ PR_FALSE, 2607+ /* .enableSessionTickets = */ PR_FALSE, 2608+ /* .enableDeflate = */ PR_FALSE, 2609+ /* .enableRenegotiation = */ SSL_RENEGOTIATE_REQUIRES_XTN, 2610+ /* .requireSafeNegotiation = */ PR_FALSE, 2611+ /* .enableFalseStart = */ PR_FALSE, 2612+ /* .cbcRandomIV = */ PR_TRUE, 2613+ /* .enableOCSPStapling = */ PR_FALSE, 2614+ /* .enableALPN = */ PR_TRUE, 2615+ /* .reuseServerECDHEKey = */ PR_TRUE, 2616+ /* .enableFallbackSCSV = */ PR_FALSE, 2617+ /* .enableServerDhe = */ PR_TRUE, 2618+ /* .enableExtendedMS = */ PR_FALSE, 2619+ /* .enableSignedCertTimestamps = */ PR_FALSE, 2620+ /* .requireDHENamedGroups = */ PR_FALSE, 2621+ /* .enable0RttData = */ PR_FALSE, 2622+ /* .enableTls13CompatMode = */ PR_FALSE, 2623+ /* .enableDtlsShortHeader = */ PR_FALSE, 2624+ /* .enableHelloDowngradeCheck = */ PR_FALSE, 2625+ /* .enableV2CompatibleHello = */ PR_FALSE 2626 }; 2627 2628 /* 2629@@ -2032,6 +2032,7 @@ 2630 unsigned int length) 2631 { 2632 sslSocket *ss; 2633+ size_t firstLen; 2634 2635 ss = ssl_FindSocket(fd); 2636 if (!ss) { 2637@@ -2050,7 +2051,7 @@ 2638 ssl_GetSSL3HandshakeLock(ss); 2639 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); 2640 SECITEM_AllocItem(NULL, &ss->opt.nextProtoNego, length); 2641- size_t firstLen = data[0] + 1; 2642+ firstLen = data[0] + 1; 2643 /* firstLen <= length is ensured by ssl3_ValidateAppProtocol. */ 2644 PORT_Memcpy(ss->opt.nextProtoNego.data + (length - firstLen), data, firstLen); 2645 PORT_Memcpy(ss->opt.nextProtoNego.data, data + firstLen, length - firstLen); 2646@@ -4079,6 +4080,7 @@ 2647 unsigned int len) 2648 { 2649 sslSocket *ss = ssl_FindSocket(fd); 2650+ SECStatus rv; 2651 2652 if (!ss) { 2653 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetResumptionToken", 2654@@ -4109,7 +4111,7 @@ 2655 } 2656 2657 /* Populate NewSessionTicket values */ 2658- SECStatus rv = ssl_DecodeResumptionToken(ss->sec.ci.sid, token, len); 2659+ rv = ssl_DecodeResumptionToken(ss->sec.ci.sid, token, len); 2660 if (rv != SECSuccess) { 2661 // If decoding fails, we assume the token is bad. 2662 PORT_SetError(SSL_ERROR_BAD_RESUMPTION_TOKEN_ERROR); 2663@@ -4163,13 +4165,14 @@ 2664 SSLExp_GetResumptionTokenInfo(const PRUint8 *tokenData, unsigned int tokenLen, 2665 SSLResumptionTokenInfo *tokenOut, PRUintn len) 2666 { 2667+ sslSessionID sid = { 0 }; 2668+ SSLResumptionTokenInfo token; 2669+ 2670 if (!tokenData || !tokenOut || !tokenLen || 2671 len > sizeof(SSLResumptionTokenInfo)) { 2672 PORT_SetError(SEC_ERROR_INVALID_ARGS); 2673 return SECFailure; 2674 } 2675- sslSessionID sid = { 0 }; 2676- SSLResumptionTokenInfo token; 2677 2678 /* Populate sid values */ 2679 if (ssl_DecodeResumptionToken(&sid, tokenData, tokenLen) != SECSuccess) { 2680diff -ur misc/nss-3.39/nss/lib/ssl/tls13exthandle.c misc/build/nss-3.39/nss/lib/ssl/tls13exthandle.c 2681--- misc/nss-3.39/nss/lib/ssl/tls13exthandle.c 2018-08-31 05:55:53.000000000 -0700 2682+++ misc/build/nss-3.39/nss/lib/ssl/tls13exthandle.c 2018-10-22 03:41:59.569200000 -0700 2683@@ -773,6 +773,7 @@ 2684 sslBuffer *buf, PRBool *added) 2685 { 2686 SECStatus rv; 2687+ PRUint16 ver; 2688 2689 if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { 2690 return SECSuccess; 2691@@ -781,7 +782,7 @@ 2692 SSL_TRC(3, ("%d: TLS13[%d]: server send supported_versions extension", 2693 SSL_GETPID(), ss->fd)); 2694 2695- PRUint16 ver = tls13_EncodeDraftVersion(SSL_LIBRARY_VERSION_TLS_1_3, 2696+ ver = tls13_EncodeDraftVersion(SSL_LIBRARY_VERSION_TLS_1_3, 2697 ss->protocolVariant); 2698 rv = sslBuffer_AppendNumber(buf, ver, 2); 2699 if (rv != SECSuccess) { 2700diff -ur misc/nss-3.39/nss/lib/ssl/tls13hashstate.c misc/build/nss-3.39/nss/lib/ssl/tls13hashstate.c 2701--- misc/nss-3.39/nss/lib/ssl/tls13hashstate.c 2018-08-31 05:55:53.000000000 -0700 2702+++ misc/build/nss-3.39/nss/lib/ssl/tls13hashstate.c 2018-10-22 04:03:39.133885000 -0700 2703@@ -95,6 +95,9 @@ 2704 PRUint64 group; 2705 const sslNamedGroupDef *selectedGroup; 2706 PRUint64 appTokenLen; 2707+ sslReader reader = SSL_READER(plaintext, plaintextLen); 2708+ sslReadBuffer appTokenReader = { 0 }; 2709+ unsigned int hashLen; 2710 2711 rv = ssl_SelfEncryptUnprotect(ss, cookie, cookieLen, 2712 plaintext, &plaintextLen, sizeof(plaintext)); 2713@@ -102,7 +105,10 @@ 2714 return SECFailure; 2715 } 2716 2717- sslReader reader = SSL_READER(plaintext, plaintextLen); 2718+ // reader = SSL_READER(plaintext, plaintextLen); 2719+ reader.buf.buf = plaintext; 2720+ reader.buf.len = plaintextLen; 2721+ reader.offset = 0; 2722 2723 /* Should start with 0xff. */ 2724 rv = sslRead_ReadNumber(&reader, 1, &sentinel); 2725@@ -138,7 +144,6 @@ 2726 return SECFailure; 2727 } 2728 ss->xtnData.applicationToken.len = appTokenLen; 2729- sslReadBuffer appTokenReader = { 0 }; 2730 rv = sslRead_Read(&reader, appTokenLen, &appTokenReader); 2731 if (rv != SECSuccess) { 2732 FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter); 2733@@ -148,7 +153,7 @@ 2734 PORT_Memcpy(ss->xtnData.applicationToken.data, appTokenReader.buf, appTokenLen); 2735 2736 /* The remainder is the hash. */ 2737- unsigned int hashLen = SSL_READER_REMAINING(&reader); 2738+ hashLen = SSL_READER_REMAINING(&reader); 2739 if (hashLen != tls13_GetHashSize(ss)) { 2740 FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter); 2741 return SECFailure; 2742diff -ur misc/nss-3.39/nss/lib/util/quickder.c misc/build/nss-3.39/nss/lib/util/quickder.c 2743--- misc/nss-3.39/nss/lib/util/quickder.c 2018-08-31 05:55:53.000000000 -0700 2744+++ misc/build/nss-3.39/nss/lib/util/quickder.c 2018-09-10 17:24:47.548844000 -0700 2745@@ -408,11 +408,12 @@ 2746 { 2747 const SEC_ASN1Template* ptrTemplate = 2748 SEC_ASN1GetSubtemplate(templateEntry, dest, PR_FALSE); 2749+ void* subdata; 2750 if (!ptrTemplate) { 2751 PORT_SetError(SEC_ERROR_INVALID_ARGS); 2752 return SECFailure; 2753 } 2754- void* subdata = PORT_ArenaZAlloc(arena, ptrTemplate->size); 2755+ subdata = PORT_ArenaZAlloc(arena, ptrTemplate->size); 2756 *(void**)((char*)dest + templateEntry->offset) = subdata; 2757 if (subdata) { 2758 return DecodeItem(subdata, ptrTemplate, src, arena, checkTag); 2759diff -ur misc/nss-3.39/nss/lib/util/secport.c misc/build/nss-3.39/nss/lib/util/secport.c 2760--- misc/nss-3.39/nss/lib/util/secport.c 2018-08-31 05:55:53.000000000 -0700 2761+++ misc/build/nss-3.39/nss/lib/util/secport.c 2018-10-21 01:46:42.919736000 -0700 2762@@ -21,7 +21,23 @@ 2763 #include "prenv.h" 2764 #include "prinit.h" 2765 2766-#include <stdint.h> 2767+#if defined(_MSC_VER) && _MSC_VER < 1600 2768+ #ifdef _WIN64 2769+typedef unsigned __int64 uintptr_t; 2770+ #else 2771+typedef unsigned int uintptr_t; 2772+ #endif 2773+typedef unsigned char uint8_t; 2774+typedef unsigned short uint16_t; 2775+typedef unsigned int uint32_t; 2776+typedef unsigned __int64 uint64_t; 2777+#define UINT8_MAX 0xff 2778+#define UINT16_MAX 0xffff 2779+#define UINT32_MAX 0xffffffffu 2780+#define UINT64_MAX 0xffffffffffffffffU 2781+#else 2782+ #include <stdint.h> 2783+#endif 2784 2785 #ifdef DEBUG 2786 #define THREADMARK 2787@@ -150,13 +166,14 @@ 2788 void * 2789 PORT_ZAllocAlignedOffset(size_t size, size_t alignment, size_t offset) 2790 { 2791+ void *mem = NULL; 2792+ void *v; 2793 PORT_Assert(offset < size); 2794 if (offset > size) { 2795 return NULL; 2796 } 2797 2798- void *mem = NULL; 2799- void *v = PORT_ZAllocAligned(size, alignment, &mem); 2800+ v = PORT_ZAllocAligned(size, alignment, &mem); 2801 if (!v) { 2802 return NULL; 2803 } 2804diff -ur misc/nss-3.39/nss/lib/util/secport.h misc/build/nss-3.39/nss/lib/util/secport.h 2805--- misc/nss-3.39/nss/lib/util/secport.h 2018-08-31 05:55:53.000000000 -0700 2806+++ misc/build/nss-3.39/nss/lib/util/secport.h 2018-10-21 20:43:01.473838000 -0700 2807@@ -45,7 +45,30 @@ 2808 #include <string.h> 2809 #include <stddef.h> 2810 #include <stdlib.h> 2811-#include <stdint.h> 2812+#if defined(_MSC_VER) && _MSC_VER < 1600 2813+ #ifdef _WIN64 2814+typedef unsigned __int64 uintptr_t; 2815+ #else 2816+typedef unsigned int uintptr_t; 2817+ #endif 2818+typedef unsigned char uint8_t; 2819+typedef unsigned short uint16_t; 2820+typedef unsigned int uint32_t; 2821+typedef unsigned __int64 uint64_t; 2822+typedef char int8_t; 2823+typedef short int16_t; 2824+typedef int int32_t; 2825+typedef __int64 int64_t; 2826+#define UINT8_MAX 0xff 2827+#define UINT16_MAX 0xffff 2828+#define UINT32_MAX 0xffffffffu 2829+#define UINT64_MAX 0xffffffffffffffffU 2830+#define UINT64_C(x) ((x) + (UINT64_MAX - UINT64_MAX)) 2831+#define INT32_MIN (-0x7fffffff - 1) 2832+#define INT32_MAX 0x7fffffff 2833+#else 2834+ #include <stdint.h> 2835+#endif 2836 #include "prtypes.h" 2837 #include "prlog.h" /* for PR_ASSERT */ 2838 #include "plarena.h" 2839diff -ur misc/nss-3.39/nss/lib/util/utilmod.c misc/build/nss-3.39/nss/lib/util/utilmod.c 2840--- misc/nss-3.39/nss/lib/util/utilmod.c 2018-08-31 05:55:53.000000000 -0700 2841+++ misc/build/nss-3.39/nss/lib/util/utilmod.c 2018-09-11 01:58:56.505884000 -0700 2842@@ -75,12 +75,13 @@ 2843 os_open(const char *filename, int oflag, int pmode) 2844 { 2845 int fd; 2846+ wchar_t *filenameWide; 2847 2848 if (!filename) { 2849 return -1; 2850 } 2851 2852- wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename); 2853+ filenameWide = _NSSUTIL_UTF8ToWide(filename); 2854 if (!filenameWide) { 2855 return -1; 2856 } 2857@@ -94,12 +95,13 @@ 2858 os_stat(const char *path, os_stat_type *buffer) 2859 { 2860 int result; 2861+ wchar_t *pathWide; 2862 2863 if (!path) { 2864 return -1; 2865 } 2866 2867- wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path); 2868+ pathWide = _NSSUTIL_UTF8ToWide(path); 2869 if (!pathWide) { 2870 return -1; 2871 } 2872@@ -113,16 +115,18 @@ 2873 os_fopen(const char *filename, const char *mode) 2874 { 2875 FILE *fp; 2876+ wchar_t *filenameWide; 2877+ wchar_t *modeWide; 2878 2879 if (!filename || !mode) { 2880 return NULL; 2881 } 2882 2883- wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename); 2884+ filenameWide = _NSSUTIL_UTF8ToWide(filename); 2885 if (!filenameWide) { 2886 return NULL; 2887 } 2888- wchar_t *modeWide = _NSSUTIL_UTF8ToWide(mode); 2889+ modeWide = _NSSUTIL_UTF8ToWide(mode); 2890 if (!modeWide) { 2891 PORT_Free(filenameWide); 2892 return NULL; 2893@@ -138,12 +142,13 @@ 2894 _NSSUTIL_Access(const char *path, PRAccessHow how) 2895 { 2896 int result; 2897+ int mode; 2898+ wchar_t *pathWide; 2899 2900 if (!path) { 2901 return PR_FAILURE; 2902 } 2903 2904- int mode; 2905 switch (how) { 2906 case PR_ACCESS_WRITE_OK: 2907 mode = 2; 2908@@ -158,7 +163,7 @@ 2909 return PR_FAILURE; 2910 } 2911 2912- wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path); 2913+ pathWide = _NSSUTIL_UTF8ToWide(path); 2914 if (!pathWide) { 2915 return PR_FAILURE; 2916 } 2917@@ -172,12 +177,13 @@ 2918 nssutil_Delete(const char *name) 2919 { 2920 BOOL result; 2921+ wchar_t *nameWide; 2922 2923 if (!name) { 2924 return PR_FAILURE; 2925 } 2926 2927- wchar_t *nameWide = _NSSUTIL_UTF8ToWide(name); 2928+ nameWide = _NSSUTIL_UTF8ToWide(name); 2929 if (!nameWide) { 2930 return PR_FAILURE; 2931 } 2932@@ -191,16 +197,18 @@ 2933 nssutil_Rename(const char *from, const char *to) 2934 { 2935 BOOL result; 2936+ wchar_t *fromWide; 2937+ wchar_t *toWide; 2938 2939 if (!from || !to) { 2940 return PR_FAILURE; 2941 } 2942 2943- wchar_t *fromWide = _NSSUTIL_UTF8ToWide(from); 2944+ fromWide = _NSSUTIL_UTF8ToWide(from); 2945 if (!fromWide) { 2946 return PR_FAILURE; 2947 } 2948- wchar_t *toWide = _NSSUTIL_UTF8ToWide(to); 2949+ toWide = _NSSUTIL_UTF8ToWide(to); 2950 if (!toWide) { 2951 PORT_Free(fromWide); 2952 return PR_FAILURE; 2953