Bug 1271495 - Replace uses of ScopedPK11Context with UniquePK11Context. r=keeler,mcmanus
ScopedPK11Context is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
MozReview-Commit-ID: HE8UY1hOuph
--- a/dom/crypto/WebCryptoTask.cpp
+++ b/dom/crypto/WebCryptoTask.cpp
@@ -998,17 +998,17 @@ private:
ScopedPK11SymKey symKey(PK11_ImportSymKey(slot, mMechanism, PK11_OriginUnwrap,
CKA_SIGN, &keyItem, nullptr));
if (!symKey) {
return NS_ERROR_DOM_INVALID_ACCESS_ERR;
}
// Compute the MAC
SECItem param = { siBuffer, nullptr, 0 };
- ScopedPK11Context ctx(PK11_CreateContextBySymKey(mMechanism, CKA_SIGN,
+ UniquePK11Context ctx(PK11_CreateContextBySymKey(mMechanism, CKA_SIGN,
symKey.get(), ¶m));
if (!ctx.get()) {
return NS_ERROR_DOM_OPERATION_ERR;
}
nsresult rv = MapSECStatus(PK11_DigestBegin(ctx.get()));
NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_OPERATION_ERR);
rv = MapSECStatus(PK11_DigestOp(ctx.get(), mData.Elements(), mData.Length()));
NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_OPERATION_ERR);
--- a/netwerk/base/BackgroundFileSaver.cpp
+++ b/netwerk/base/BackgroundFileSaver.cpp
@@ -122,20 +122,17 @@ BackgroundFileSaver::~BackgroundFileSave
}
destructorSafeDestroyNSSReference();
shutdown(calledFromObject);
}
void
BackgroundFileSaver::destructorSafeDestroyNSSReference()
{
- if (mDigestContext) {
- mozilla::psm::PK11_DestroyContext_true(mDigestContext.forget());
- mDigestContext = nullptr;
- }
+ mDigestContext = nullptr;
}
void
BackgroundFileSaver::virtualDestroyNSSReference()
{
destructorSafeDestroyNSSReference();
}
@@ -549,18 +546,18 @@ BackgroundFileSaver::ProcessStateChange(
return NS_OK;
}
}
// Create the digest context if requested and NSS hasn't been shut down.
if (sha256Enabled && !mDigestContext) {
nsNSSShutDownPreventionLock lock;
if (!isAlreadyShutDown()) {
- mDigestContext =
- PK11_CreateDigestContext(static_cast<SECOidTag>(SEC_OID_SHA256));
+ mDigestContext = UniquePK11Context(
+ PK11_CreateDigestContext(SEC_OID_SHA256));
NS_ENSURE_TRUE(mDigestContext, NS_ERROR_OUT_OF_MEMORY);
}
}
// When we are requested to append to an existing file, we should read the
// existing data and ensure we include it as part of the final hash.
if (mDigestContext && append && !isContinuation) {
nsCOMPtr<nsIInputStream> inputStream;
@@ -581,17 +578,17 @@ BackgroundFileSaver::ProcessStateChange(
break;
}
nsNSSShutDownPreventionLock lock;
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
- nsresult rv = MapSECStatus(PK11_DigestOp(mDigestContext,
+ nsresult rv = MapSECStatus(PK11_DigestOp(mDigestContext.get(),
uint8_t_ptr_cast(buffer),
count));
NS_ENSURE_SUCCESS(rv, rv);
}
rv = inputStream->Close();
NS_ENSURE_SUCCESS(rv, rv);
}
@@ -627,17 +624,17 @@ BackgroundFileSaver::ProcessStateChange(
if (mDigestContext) {
// No need to acquire the NSS lock here, DigestOutputStream must acquire it
// in any case before each asynchronous write. Constructing the
// DigestOutputStream cannot fail. Passing mDigestContext to
// DigestOutputStream is safe, because BackgroundFileSaver always outlives
// the outputStream. BackgroundFileSaver is reference-counted before the
// call to AsyncCopy, and mDigestContext is never destroyed before
// AsyncCopyCallback.
- outputStream = new DigestOutputStream(outputStream, mDigestContext);
+ outputStream = new DigestOutputStream(outputStream, mDigestContext.get());
}
// Start copying our input to the target file. No errors can be raised past
// this point if the copy starts, since they should be handled by the thread.
{
MutexAutoLock lock(mLock);
rv = NS_AsyncCopy(mPipeInputStream, outputStream, mWorkerThread,
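Review bot: The lifetime comment above `new DigestOutputStream(outputStream, mDigestContext.get())` says mDigestContext is never destroyed before AsyncCopyCallback, but it does not cover the NSS-shutdown path. In the first hunk of this file, virtualDestroyNSSReference() calls destructorSafeDestroyNSSReference(), whose `mDigestContext = nullptr;` now frees the context through the UniquePtr deleter. After that the stream holds a raw, non-owning pointer to a destroyed context unless it checks for shutdown before every use; the comment suggests it takes the NSS lock, but that code is not visible here. I would extend the comment with something like `// The stream only borrows the context; it must check isAlreadyShutDown() under the NSS lock before each use.` ProcessStateChange starts and ends outside this hunk.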
--- a/netwerk/base/BackgroundFileSaver.h
+++ b/netwerk/base/BackgroundFileSaver.h
@@ -237,17 +237,17 @@ private:
* rather than deleted, if the operation fails or is canceled.
*/
bool mActualTargetKeepPartial;
/**
* Used to calculate the file hash. This keeps state across file renames and
* is lazily initialized in ProcessStateChange.
*/
- ScopedPK11Context mDigestContext;
+ UniquePK11Context mDigestContext;
//////////////////////////////////////////////////////////////////////////////
//// Private methods
/**
* Called when NS_AsyncCopy completes.
*
* @param aClosure
--- a/security/apps/AppSignatureVerification.cpp
+++ b/security/apps/AppSignatureVerification.cpp
@@ -171,22 +171,22 @@ VerifyStreamContentDigest(nsIInputStream
nsresult rv;
uint64_t len64;
rv = stream->Available(&len64);
NS_ENSURE_SUCCESS(rv, rv);
if (len64 > UINT32_MAX) {
return NS_ERROR_SIGNED_JAR_ENTRY_TOO_LARGE;
}
- ScopedPK11Context digestContext(PK11_CreateDigestContext(SEC_OID_SHA1));
+ UniquePK11Context digestContext(PK11_CreateDigestContext(SEC_OID_SHA1));
if (!digestContext) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
- rv = MapSECStatus(PK11_DigestBegin(digestContext));
+ rv = MapSECStatus(PK11_DigestBegin(digestContext.get()));
NS_ENSURE_SUCCESS(rv, rv);
uint64_t totalBytesRead = 0;
for (;;) {
uint32_t bytesRead;
rv = stream->Read(char_ptr_cast(buf.data), buf.len, &bytesRead);
NS_ENSURE_SUCCESS(rv, rv);
@@ -194,17 +194,17 @@ VerifyStreamContentDigest(nsIInputStream
break; // EOF
}
totalBytesRead += bytesRead;
if (totalBytesRead >= UINT32_MAX) {
return NS_ERROR_SIGNED_JAR_ENTRY_TOO_LARGE;
}
- rv = MapSECStatus(PK11_DigestOp(digestContext, buf.data, bytesRead));
+ rv = MapSECStatus(PK11_DigestOp(digestContext.get(), buf.data, bytesRead));
NS_ENSURE_SUCCESS(rv, rv);
}
if (totalBytesRead != len64) {
// The metadata we used for Available() doesn't match the actual size of
// the entry.
return NS_ERROR_SIGNED_JAR_ENTRY_INVALID;
}
--- a/security/certverifier/OCSPCache.cpp
+++ b/security/certverifier/OCSPCache.cpp
@@ -47,17 +47,17 @@ namespace mozilla { namespace psm {
// B(derIssuerB, derPublicKeyB, serialNumberB) such that the concatenation of
// each triplet results in the same string of bytes but where each part in A is
// not equal to its counterpart in B. This is important because as a result it
// is computationally infeasible to find collisions that would subvert this
// cache (given that SHA384 is a cryptographically-secure hash function).
static SECStatus
CertIDHash(SHA384Buffer& buf, const CertID& certID)
{
- ScopedPK11Context context(PK11_CreateDigestContext(SEC_OID_SHA384));
+ UniquePK11Context context(PK11_CreateDigestContext(SEC_OID_SHA384));
if (!context) {
return SECFailure;
}
SECStatus rv = PK11_DigestBegin(context.get());
if (rv != SECSuccess) {
return rv;
}
SECItem certIDIssuer = UnsafeMapInputToSECItem(certID.issuer);
--- a/security/manager/ssl/ScopedNSSTypes.h
+++ b/security/manager/ssl/ScopedNSSTypes.h
@@ -2,18 +2,18 @@
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
// This header provides smart pointers and various helpers for code that needs
// to interact with NSS.
-#ifndef mozilla_ScopedNSSTypes_h
-#define mozilla_ScopedNSSTypes_h
+#ifndef ScopedNSSTypes_h
+#define ScopedNSSTypes_h
#include <limits>
#include "cert.h"
#include "cms.h"
#include "cryptohi.h"
#include "keyhi.h"
#include "mozilla/Likely.h"
@@ -102,48 +102,57 @@ namespace psm {
inline void
PK11_DestroyContext_true(PK11Context * ctx) {
PK11_DestroyContext(ctx, true);
}
} // namespace mozilla::psm
// Deprecated: use the equivalent UniquePtr templates instead.
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11Context,
- PK11Context,
- mozilla::psm::PK11_DestroyContext_true)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSGNDigestInfo,
SGNDigestInfo,
SGN_DestroyDigestInfo)
+// Emulates MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE, but for UniquePtrs.
+#define MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(name, Type, Deleter) \
+struct name##DeletePolicy \
+{ \
+ void operator()(Type* aValue) { Deleter(aValue); } \
+}; \
+typedef UniquePtr<Type, name##DeletePolicy> name;
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11Context,
+ PK11Context,
+ mozilla::psm::PK11_DestroyContext_true)
+
/** A more convenient way of dealing with digests calculated into
* stack-allocated buffers. NSS must be initialized on the main thread before
* use, and the caller must ensure NSS isn't shut down, typically by
* subclassing nsNSSShutDownObject, while Digest is in use.
*
* Typical usage, for digesting a buffer in memory:
*
* nsCOMPtr<nsISupports> nssDummy = do_GetService("@mozilla.org/psm;1", &rv);
* Digest digest;
* nsresult rv = digest.DigestBuf(SEC_OID_SHA256, mybuffer, myBufferLen);
* NS_ENSURE_SUCCESS(rv, rv);
* rv = MapSECStatus(SomeNSSFunction(..., digest.get(), ...));
*
* Less typical usage, for digesting while doing streaming I/O and similar:
*
* Digest digest;
- * ScopedPK11Context digestContext(PK11_CreateDigestContext(SEC_OID_SHA1));
+ * UniquePK11Context digestContext(PK11_CreateDigestContext(SEC_OID_SHA256));
* NS_ENSURE_TRUE(digestContext, NS_ERROR_OUT_OF_MEMORY);
- * rv = MapSECStatus(PK11_DigestBegin(digestContext));
+ * rv = MapSECStatus(PK11_DigestBegin(digestContext.get()));
* NS_ENSURE_SUCCESS(rv, rv);
* for (...) {
- * rv = MapSECStatus(PK11_DigestOp(digestContext, ...));
+ * rv = MapSECStatus(PK11_DigestOp(digestContext.get(), ...));
* NS_ENSURE_SUCCESS(rv, rv);
* }
- * rv = digest.End(SEC_OID_SHA1, digestContext);
+ * rv = digest.End(SEC_OID_SHA256, digestContext);
* NS_ENSURE_SUCCESS(rv, rv)
*/
class Digest
{
public:
Digest()
{
mItem.type = siBuffer;
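Review bot: The `// Deprecated: use the equivalent UniquePtr templates instead.` comment now reads as if it also covers the new `MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE` macro and `UniquePK11Context`, which are inserted directly after `ScopedSGNDigestInfo` in the same run of declarations. A short separating comment before the macro, for example `// Preferred replacements: UniquePtr-based owners of NSS objects.`, would keep the deprecated and current types apart. The streaming example in the Digest comment could also state that `digest.End(...)` resets `digestContext` on success, since nothing in the example shows that the context is unusable afterwards. The Digest class body continues outside this hunk.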
@@ -157,22 +166,23 @@ public:
return NS_ERROR_INVALID_ARG;
}
nsresult rv = SetLength(hashAlg);
NS_ENSURE_SUCCESS(rv, rv);
return MapSECStatus(PK11_HashBuf(hashAlg, mItem.data, buf,
static_cast<int32_t>(len)));
}
- nsresult End(SECOidTag hashAlg, ScopedPK11Context & context)
+ nsresult End(SECOidTag hashAlg, UniquePK11Context& context)
{
nsresult rv = SetLength(hashAlg);
NS_ENSURE_SUCCESS(rv, rv);
uint32_t len;
- rv = MapSECStatus(PK11_DigestFinal(context, mItem.data, &len, mItem.len));
+ rv = MapSECStatus(PK11_DigestFinal(context.get(), mItem.data, &len,
+ mItem.len));
NS_ENSURE_SUCCESS(rv, rv);
context = nullptr;
NS_ENSURE_TRUE(len == mItem.len, NS_ERROR_UNEXPECTED);
return NS_OK;
}
const SECItem & get() const { return mItem; }
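Review bot: `End()` passes `context.get()` to `PK11_DigestFinal` without checking that the UniquePK11Context is non-empty. Because the function itself sets `context = nullptr` on success, a second call on the same object would hand NSS a null pointer. Unless PK11_DigestFinal is known to reject a null context, a guard at the top such as `if (!context) { return NS_ERROR_INVALID_ARG; }` would make that misuse fail cleanly. The early returns after `SetLength` and `PK11_DigestFinal` leave the caller's context alive while the success path destroys it, so a one-line comment on the signature saying so would help callers.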
@@ -310,24 +320,16 @@ MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLAT
internal::SECKEYEncryptedPrivateKeyInfo_true)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYPublicKey,
SECKEYPublicKey,
SECKEY_DestroyPublicKey)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECAlgorithmID,
SECAlgorithmID,
internal::SECOID_DestroyAlgorithmID_true)
-// Emulates MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE, but for UniquePtrs.
-#define MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(name, Type, Deleter) \
-struct name##DeletePolicy \
-{ \
- void operator()(Type* aValue) { Deleter(aValue); } \
-}; \
-typedef UniquePtr<Type, name##DeletePolicy> name;
-
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificate,
CERTCertificate,
CERT_DestroyCertificate)
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificateList,
CERTCertificateList,
CERT_DestroyCertificateList)
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificatePolicies,
CERTCertificatePolicies,
@@ -388,9 +390,9 @@ MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(Un
SECMODModule,
SECMOD_DestroyModule)
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueVFYContext,
VFYContext,
internal::VFY_DestroyContext_true)
} // namespace mozilla
-#endif // mozilla_ScopedNSSTypes_h
+#endif // ScopedNSSTypes_h