/root/firefox-clang/security/nss/lib/ssl/sslspec.h

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name sslspec.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -ffp-contract=off -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/ssl/ssl_ssl -fcoverage-compilation-dir=/root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/ssl/ssl_ssl -resource-dir /usr/lib/llvm-21/lib/clang/21 -include /root/firefox-clang/obj-x86_64-pc-linux-gnu/mozilla-config.h -U _FORTIFY_SOURCE -D _FORTIFY_SOURCE=2 -D _GLIBCXX_ASSERTIONS -D DEBUG -D NSS_FIPS_DISABLED -D NSS_NO_INIT_SUPPORT -D NSS_X86_OR_X64 -D NSS_X64 -D NSS_USE_64 -D NSS_ALLOW_SSLKEYLOGFILE -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -D LINUX2_1 -D LINUX -D linux -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D HAVE_STRERROR -D XP_UNIX -D _REENTRANT -D NSS_DISABLE_DBM -D NSS_DISABLE_LIBPKIX -I /root/firefox-clang/security/nss/lib/ssl -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/ssl/ssl_ssl -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/nspr -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/private/nss -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/nss -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include -D MOZILLA_CLIENT -internal-isystem /usr/lib/llvm-21/lib/clang/21/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-error=tautological-type-limit-compare -Wno-range-loop-analysis -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=atomic-alignment -Wno-error=deprecated-builtins -Wno-psabi -Wno-error=builtin-macro-redefined -Wno-unknown-warning-option -ferror-limit 19 -fstrict-flex-arrays=1 -stack-protector 2 -fstack-clash-protection -ftrivial-auto-var-init=pattern -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -vectorize-loops -vectorize-slp -analyzer-checker optin.performance.Padding -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2025-06-27-100320-3286336-1 -x c /root/firefox-clang/security/nss/lib/ssl/sslspec.c

File:	root/firefox-clang/security/nss/lib/ssl/sslspec.h
Warning:	line 85, column 8 Excessive padding in 'struct ssl3MACDefStr' (8 padding bytes, where 0 is optimal). Optimal fields order: mmech, mac, pad_size, mac_size, oid, consider reordering the fields or adding explicit padding members

Bug Summary

Annotated Source Code

1	/* -- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -- */
2	/*
3	* This file is PRIVATE to SSL.
4	*
5	* This Source Code Form is subject to the terms of the Mozilla Public
6	* License, v. 2.0. If a copy of the MPL was not distributed with this
7	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8
9	#ifndef __sslspec_h_
10	#define __sslspec_h_
11
12	#include "sslexp.h"
13	#include "prclist.h"
14
15	typedef enum {
16	TrafficKeyClearText = 0,
17	TrafficKeyEarlyApplicationData = 1,
18	TrafficKeyHandshake = 2,
19	TrafficKeyApplicationData = 3
20	} TrafficKeyType;
21
22	#define SPEC_DIR(spec)((spec->direction == ssl_secret_read) ? "read" : "write") \
23	((spec->direction == ssl_secret_read) ? "read" : "write")
24
25	typedef struct ssl3CipherSpecStr ssl3CipherSpec;
26	typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
27	typedef struct ssl3MACDefStr ssl3MACDef;
28	typedef struct ssl3CipherSuiteDefStr ssl3CipherSuiteDef;
29	typedef PRUint64 sslSequenceNumber;
30	typedef PRUint16 DTLSEpoch;
31
32	/* The SSL bulk cipher definition */
33	typedef enum {
34	cipher_null,
35	cipher_rc4,
36	cipher_des,
37	cipher_3des,
38	cipher_aes_128,
39	cipher_aes_256,
40	cipher_camellia_128,
41	cipher_camellia_256,
42	cipher_seed,
43	cipher_aes_128_gcm,
44	cipher_aes_256_gcm,
45	cipher_chacha20,
46	cipher_missing /* reserved for no such supported cipher */
47	/* This enum must match ssl3_cipherName[] in ssl3con.c. */
48	} SSL3BulkCipher;
49
50	typedef enum {
51	type_stream,
52	type_block,
53	type_aead
54	} CipherType;
55
56	/*
57	** There are tables of these, all const.
58	*/
59	struct ssl3BulkCipherDefStr {
60	SSL3BulkCipher cipher;
61	SSLCipherAlgorithm calg;
62	unsigned int key_size;
63	unsigned int secret_key_size;
64	CipherType type;
65	unsigned int iv_size;
66	unsigned int block_size;
67	unsigned int tag_size; /* for AEAD ciphers. */
68	unsigned int explicit_nonce_size; /* for AEAD ciphers. */
69	SECOidTag oid;
70	const char *short_name;
71	/* The maximum number of records that can be sent/received with the same
72	* symmetric key before the connection will be terminated. */
73	PRUint64 max_records;
74	};
75
76	/* to make some of these old enums public without namespace pollution,
77	** it was necessary to prepend ssl_ to the names.
78	** These #defines preserve compatibility with the old code here in libssl.
79	*/
80	typedef SSLMACAlgorithm SSL3MACAlgorithm;
81
82	/*
83	* There are tables of these, all const.
84	*/
85	struct ssl3MACDefStr {
	Excessive padding in 'struct ssl3MACDefStr' (8 padding bytes, where 0 is optimal). Optimal fields order: mmech, mac, pad_size, mac_size, oid, consider reordering the fields or adding explicit padding members
86	SSL3MACAlgorithm mac;
87	CK_MECHANISM_TYPE mmech;
88	int pad_size;
89	int mac_size;
90	SECOidTag oid;
91	};
92
93	#define MAX_IV_LENGTH24 24
94
95	typedef struct {
96	PK11SymKey *key;
97	PK11SymKey *macKey;
98	PK11Context *macContext;
99	PRUint8 iv[MAX_IV_LENGTH24];
100	} ssl3KeyMaterial;
101
102	typedef SECStatus (SSLCipher)(void context,
103	unsigned char *out,
104	unsigned int *outlen,
105	unsigned int maxout,
106	const unsigned char *in,
107	unsigned int inlen);
108	typedef SECStatus (SSLAEADCipher)(PK11Context context,
109	CK_GENERATOR_FUNCTION ivGen,
110	unsigned int fixedbits,
111	unsigned char *iv, unsigned int ivlen,
112	const unsigned char *aad,
113	unsigned int aadlen,
114	unsigned char out, unsigned int outlen,
115	unsigned int maxout, unsigned char *tag,
116	unsigned int taglen,
117	const unsigned char *in, unsigned int inlen);
118
119	/* The DTLS anti-replay window in number of packets. Defined here because we
120	* need it in the cipher spec. Note that this is a ring buffer but left and
121	* right represent the true window, with modular arithmetic used to map them
122	* onto the buffer.
123	*/
124	#define DTLS_RECVD_RECORDS_WINDOW1024 1024
125	#define RECORD_SEQ_MASK((1ULL << 48) - 1) ((1ULL << 48) - 1)
126	#define RECORD_SEQ_MAX((1ULL << 48) - 1) RECORD_SEQ_MASK((1ULL << 48) - 1)
127	PR_STATIC_ASSERT(DTLS_RECVD_RECORDS_WINDOW % 8 == 0)extern void pr_static_assert(int arg[(1024 % 8 == 0) ? 1 : -1 ]);
128
129	typedef struct DTLSRecvdRecordsStr {
130	unsigned char data[DTLS_RECVD_RECORDS_WINDOW1024 / 8];
131	sslSequenceNumber left;
132	sslSequenceNumber right;
133	} DTLSRecvdRecords;
134
135	/*
136	* These are the "specs" used for reading and writing records. Access to the
137	* pointers to these specs, and all the specs' contents (direct and indirect) is
138	* protected by the reader/writer lock ss->specLock.
139	*/
140	struct ssl3CipherSpecStr {
141	PRCList link;
142	PRUint8 refCt;
143
144	SSLSecretDirection direction;
145	SSL3ProtocolVersion version;
146	SSL3ProtocolVersion recordVersion;
147
148	const ssl3BulkCipherDef *cipherDef;
149	const ssl3MACDef *macDef;
150
151	SSLCipher cipher;
152	void *cipherContext;
153
154	PK11SymKey *masterSecret;
155	ssl3KeyMaterial keyMaterial;
156
157	DTLSEpoch epoch;
158	const char *phase;
159
160	/* The next sequence number to be sent or received. */
161	sslSequenceNumber nextSeqNum;
162	DTLSRecvdRecords recvdRecords;
163
164	/* The number of 0-RTT bytes that can be sent or received in TLS 1.3. This
165	* will be zero for everything but 0-RTT. */
166	PRUint32 earlyDataRemaining;
167	/* The maximum plaintext length. This differs from the configured or
168	* negotiated value for TLS 1.3; it is reduced by one to account for the
169	* content type octet. */
170	PRUint16 recordSizeLimit;
171
172	/* DTLS 1.3: Sequence number masking context. */
173	SSLMaskingContext *maskContext;
174
175	/* DTLS 1.3: Count of decryption failures for the given key. */
176	PRUint64 deprotectionFailures;
177	};
178
179	typedef void (sslCipherSpecChangedFunc)(void arg,
180	PRBool sending,
181	ssl3CipherSpec *newSpec);
182
183	const ssl3BulkCipherDef ssl_GetBulkCipherDef(const ssl3CipherSuiteDef cipher_def);
184	const ssl3MACDef *ssl_GetMacDefByAlg(SSL3MACAlgorithm mac);
185	const ssl3MACDef ssl_GetMacDef(const sslSocket ss, const ssl3CipherSuiteDef *suiteDef);
186
187	ssl3CipherSpec ssl_CreateCipherSpec(sslSocket ss, SSLSecretDirection direction);
188	void ssl_SaveCipherSpec(sslSocket ss, ssl3CipherSpec spec);
189	void ssl_CipherSpecAddRef(ssl3CipherSpec *spec);
190	void ssl_CipherSpecRelease(ssl3CipherSpec *spec);
191	void ssl_DestroyCipherSpecs(PRCList *list);
192	SECStatus ssl_SetupNullCipherSpec(sslSocket *ss, SSLSecretDirection dir);
193
194	ssl3CipherSpec ssl_FindCipherSpecByEpoch(sslSocket ss,
195	SSLSecretDirection direction,
196	DTLSEpoch epoch);
197	void ssl_CipherSpecReleaseByEpoch(sslSocket *ss, SSLSecretDirection direction,
198	DTLSEpoch epoch);
199
200	#endif /* __sslspec_h_ */