Mercurial > mozreview > gecko / changeset / 857796af22807857af260f0cc00bf7304b76dbd5
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1271501 - Downgrade unnecessarily strong reinterpret_casts in PSM. r=keeler draft
authorCykesiopka <cykesiopka.bmo@gmail.com>
Wed, 18 May 2016 18:58:41 -0700
changeset 368591 857796af22807857af260f0cc00bf7304b76dbd5
parent 368590 e6ef5c1febbabcc0366e10703be7cd5a00ec918a
child 368592 e493b06152a6c2364704d1a049973cbdbd2bca94
child 368593 b73d0cb47ecf7ff48f5e2f81adc5a02346ca4ac2
push id18597
push usercykesiopka.bmo@gmail.com
push dateThu, 19 May 2016 04:17:43 +0000
reviewerskeeler
bugs1271501
milestone49.0a1
Bug 1271501 - Downgrade unnecessarily strong reinterpret_casts in PSM. r=keeler These reinterpret_casts can be static_casts or const_casts instead. MozReview-Commit-ID: 1KQDWHO9CGS
security/apps/AppSignatureVerification.cpp file | annotate | diff | comparison | revisions
security/manager/ssl/CertBlocklist.cpp file | annotate | diff | comparison | revisions
security/manager/ssl/PublicKeyPinningService.cpp file | annotate | diff | comparison | revisions
security/manager/ssl/RootCertificateTelemetryUtils.cpp file | annotate | diff | comparison | revisions
security/manager/ssl/nsCertTree.cpp file | annotate | diff | comparison | revisions
security/manager/ssl/nsDataSignatureVerifier.cpp file | annotate | diff | comparison | revisions
security/manager/ssl/nsNTLMAuthModule.cpp file | annotate | diff | comparison | revisions
security/manager/ssl/nsPKCS12Blob.cpp file | annotate | diff | comparison | revisions
security/manager/ssl/nsRandomGenerator.cpp file | annotate | diff | comparison | revisions
security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp file | annotate | diff | comparison | revisions 
--- a/security/apps/AppSignatureVerification.cpp
+++ b/security/apps/AppSignatureVerification.cpp
@@ -628,17 +628,17 @@ struct VerifyCertificateContext {
 nsresult
 VerifyCertificate(CERTCertificate* signerCert, void* voidContext, void* pinArg)
 {
   // TODO: null pinArg is tolerated.
   if (NS_WARN_IF(!signerCert) || NS_WARN_IF(!voidContext)) {
     return NS_ERROR_INVALID_ARG;
   }
   const VerifyCertificateContext& context =
-    *reinterpret_cast<const VerifyCertificateContext*>(voidContext);
+    *static_cast<const VerifyCertificateContext*>(voidContext);
 
   AppTrustDomain trustDomain(context.builtChain, pinArg);
   if (trustDomain.SetTrustedRoot(context.trustedRoot) != SECSuccess) {
     return MapSECStatus(SECFailure);
   }
   Input certDER;
   Result rv = certDER.Init(signerCert->derCert.data, signerCert->derCert.len);
   if (rv != Success) {
--- a/security/manager/ssl/CertBlocklist.cpp
+++ b/security/manager/ssl/CertBlocklist.cpp
@@ -644,17 +644,17 @@ CertBlocklist::IsBlocklistFresh(bool* _r
 }
 
 
 /* static */
 void
 CertBlocklist::PreferenceChanged(const char* aPref, void* aClosure)
 
 {
-  CertBlocklist* blocklist = reinterpret_cast<CertBlocklist*>(aClosure);
+  auto blocklist = static_cast<CertBlocklist*>(aClosure);
   MutexAutoLock lock(blocklist->mMutex);
 
   MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
          ("CertBlocklist::PreferenceChanged %s changed", aPref));
   if (strcmp(aPref, PREF_BACKGROUND_UPDATE_TIMER) == 0) {
     sLastBlocklistUpdate = Preferences::GetUint(PREF_BACKGROUND_UPDATE_TIMER,
                                                 uint32_t(0));
   } else if (strcmp(aPref, PREF_KINTO_ONECRL_CHECKED) == 0) {
--- a/security/manager/ssl/PublicKeyPinningService.cpp
+++ b/security/manager/ssl/PublicKeyPinningService.cpp
@@ -130,20 +130,19 @@ EvalChain(const UniqueCERTCertList& cert
   MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, ("pkpin: no matches found\n"));
   return NS_OK;
 }
 
 /**
   Comparator for the is public key pinned host.
 */
 static int
-TransportSecurityPreloadCompare(const void *key, const void *entry) {
-  const char *keyStr = reinterpret_cast<const char *>(key);
-  const TransportSecurityPreload *preloadEntry =
-    reinterpret_cast<const TransportSecurityPreload *>(entry);
+TransportSecurityPreloadCompare(const void* key, const void* entry) {
+  auto keyStr = static_cast<const char*>(key);
+  auto preloadEntry = static_cast<const TransportSecurityPreload*>(entry);
 
   return strcmp(keyStr, preloadEntry->mHost);
 }
 
 nsresult
 PublicKeyPinningService::ChainMatchesPinset(const UniqueCERTCertList& certList,
                                             const nsTArray<nsCString>& aSHA256keys,
                                     /*out*/ bool& chainMatchesPinset)
--- a/security/manager/ssl/RootCertificateTelemetryUtils.cpp
+++ b/security/manager/ssl/RootCertificateTelemetryUtils.cpp
@@ -53,19 +53,19 @@ RootCABinNumber(const SECItem* cert)
   // Compare against list of stored hashes
   size_t idx;
 
   MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug,
            ("pkpinTelem: First bytes %02hx %02hx %02hx %02hx\n",
             digest.get().data[0], digest.get().data[1], digest.get().data[2], digest.get().data[3]));
 
   if (mozilla::BinarySearchIf(ROOT_TABLE, 0, ArrayLength(ROOT_TABLE),
-          BinaryHashSearchArrayComparator(
-            reinterpret_cast<const uint8_t*>(digest.get().data), digest.get().len),
-         &idx)) {
+        BinaryHashSearchArrayComparator(static_cast<uint8_t*>(digest.get().data),
+                                        digest.get().len),
+        &idx)) {
 
     MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug,
           ("pkpinTelem: Telemetry index was %lu, bin is %d\n",
            idx, ROOT_TABLE[idx].binNumber));
     return (int32_t) ROOT_TABLE[idx].binNumber;
   }
 
   // Didn't match.
--- a/security/manager/ssl/nsCertTree.cpp
+++ b/security/manager/ssl/nsCertTree.cpp
@@ -177,20 +177,20 @@ nsCertTree::~nsCertTree()
 }
 
 void
 nsCertTree::FreeCertArray()
 {
   mDispInfo.Clear();
 }
 
-CompareCacheHashEntry *
-nsCertTree::getCacheEntry(void *cache, void *aCert)
+CompareCacheHashEntry*
+nsCertTree::getCacheEntry(void* cache, void* aCert)
 {
-  PLDHashTable &aCompareCache = *reinterpret_cast<PLDHashTable*>(cache);
+  PLDHashTable& aCompareCache = *static_cast<PLDHashTable*>(cache);
   auto entryPtr = static_cast<CompareCacheHashEntryPtr*>
                              (aCompareCache.Add(aCert, fallible));
   return entryPtr ? entryPtr->entry : nullptr;
 }
 
 void nsCertTree::RemoveCacheEntry(void *key)
 {
   mCompareCache.Remove(key);
--- a/security/manager/ssl/nsDataSignatureVerifier.cpp
+++ b/security/manager/ssl/nsDataSignatureVerifier.cpp
@@ -149,17 +149,17 @@ VerifyCMSDetachedSignatureIncludingCerti
 
   NSSCMSContentInfo* cinfo = NSS_CMSMessage_ContentLevel(cmsMsg.get(), 0);
   if (!cinfo) {
     return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
   }
 
   // signedData is non-owning
   NSSCMSSignedData* signedData =
-    reinterpret_cast<NSSCMSSignedData*>(NSS_CMSContentInfo_GetContent(cinfo));
+    static_cast<NSSCMSSignedData*>(NSS_CMSContentInfo_GetContent(cinfo));
   if (!signedData) {
     return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
   }
 
   // Set digest value.
   if (NSS_CMSSignedData_SetDigestValue(signedData, SEC_OID_SHA1,
                                        const_cast<SECItem*>(&detachedDigest))) {
     return NS_ERROR_CMS_VERIFY_BAD_DIGEST;
@@ -237,17 +237,17 @@ static nsresult
 VerifyCertificate(CERTCertificate* cert, void* voidContext, void* pinArg)
 {
   // XXX: missing pinArg is tolerated
   if (NS_WARN_IF(!cert) || NS_WARN_IF(!voidContext)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   VerifyCertificateContext* context =
-    reinterpret_cast<VerifyCertificateContext*>(voidContext);
+    static_cast<VerifyCertificateContext*>(voidContext);
 
   nsCOMPtr<nsIX509Cert> xpcomCert(nsNSSCertificate::Create(cert));
   if (!xpcomCert) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
   context->signingCert = xpcomCert;
 
--- a/security/manager/ssl/nsNTLMAuthModule.cpp
+++ b/security/manager/ssl/nsNTLMAuthModule.cpp
@@ -446,17 +446,17 @@ ParseType2Msg(const void *inBuf, uint32_
   // 20 Flags
   // 24 Challenge
   // 32 targetInfo
   // 48 start of optional data blocks
   //
   if (inLen < NTLM_TYPE2_HEADER_LEN)
     return NS_ERROR_UNEXPECTED;
 
-  const uint8_t *cursor = reinterpret_cast<const uint8_t*>(inBuf);
+  auto cursor = static_cast<const uint8_t*>(inBuf);
 
   // verify NTLMSSP signature
   if (memcmp(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) != 0)
     return NS_ERROR_UNEXPECTED;
 
   cursor += sizeof(NTLM_SIGNATURE);
 
   // verify Type-2 marker
@@ -473,17 +473,17 @@ ParseType2Msg(const void *inBuf, uint32_
   // ... read offset from inBuf.
   uint32_t offset = ReadUint32(cursor);
   mozilla::CheckedInt<uint32_t> targetEnd = offset;
   targetEnd += targetLen;
   // Check the offset / length combo is in range of the input buffer, including
   // integer overflow checking.
   if (MOZ_LIKELY(targetEnd.isValid() && targetEnd.value() <= inLen)) {
     msg->targetLen = targetLen;
-    msg->target = reinterpret_cast<const uint8_t*>(inBuf) + offset;
+    msg->target = static_cast<const uint8_t*>(inBuf) + offset;
   } else {
     // Do not error out, for (conservative) backward compatibility.
     msg->targetLen = 0;
     msg->target = nullptr;
   }
 
   // read flags
   msg->flags = ReadUint32(cursor);
@@ -509,17 +509,17 @@ ParseType2Msg(const void *inBuf, uint32_
   // ... read offset from inBuf.
   offset = ReadUint32(cursor);
   mozilla::CheckedInt<uint32_t> targetInfoEnd = offset;
   targetInfoEnd += targetInfoLen;
   // Check the offset / length combo is in range of the input buffer, including
   // integer overflow checking.
   if (MOZ_LIKELY(targetInfoEnd.isValid() && targetInfoEnd.value() <= inLen)) {
     msg->targetInfoLen = targetInfoLen;
-    msg->targetInfo = reinterpret_cast<const uint8_t*>(inBuf) + offset;
+    msg->targetInfo = static_cast<const uint8_t*>(inBuf) + offset;
   } else {
     NS_ERROR("failed to get NTLMv2 target info");
     return NS_ERROR_UNEXPECTED;
   }
 
   return NS_OK;
 }
 
@@ -567,17 +567,18 @@ GenerateType3Msg(const nsString &domain,
   // get domain name
   //
   if (unicode)
   {
 #ifdef IS_BIG_ENDIAN
     ucsDomainBuf = domain;
     domainPtr = ucsDomainBuf.get();
     domainLen = ucsDomainBuf.Length() * 2;
-    WriteUnicodeLE((void *) domainPtr, reinterpret_cast<const char16_t*> (domainPtr),
+    WriteUnicodeLE(const_cast<void*>(domainPtr),
+                   static_cast<const char16_t*>(domainPtr),
                    ucsDomainBuf.Length());
 #else
     domainPtr = domain.get();
     domainLen = domain.Length() * 2;
 #endif
   }
   else
   {
@@ -590,17 +591,18 @@ GenerateType3Msg(const nsString &domain,
   // get user name
   //
   if (unicode)
   {
 #ifdef IS_BIG_ENDIAN
     ucsUserBuf = username;
     userPtr = ucsUserBuf.get();
     userLen = ucsUserBuf.Length() * 2;
-    WriteUnicodeLE((void *) userPtr, reinterpret_cast<const char16_t*> (userPtr),
+    WriteUnicodeLE(const_cast<void*>(userPtr),
+                   static_cast<const char16_t*>(userPtr),
                    ucsUserBuf.Length());
 #else
     userPtr = username.get();
     userLen = username.Length() * 2;
 #endif
   }
   else
   {
@@ -620,17 +622,18 @@ GenerateType3Msg(const nsString &domain,
   }
 
   if (unicode)
   {
     ucsHostBuf = NS_ConvertUTF8toUTF16(hostBuf);
     hostPtr = ucsHostBuf.get();
     hostLen = ucsHostBuf.Length() * 2;
 #ifdef IS_BIG_ENDIAN
-    WriteUnicodeLE((void *) hostPtr, reinterpret_cast<const char16_t*> (hostPtr),
+    WriteUnicodeLE(const_cast<void*>(hostPtr),
+                   static_cast<const char16_t*>(hostPtr),
                    ucsHostBuf.Length());
 #endif
   }
   else
   {
     hostPtr = hostBuf.get();
     hostLen = hostBuf.Length();
   }
@@ -666,24 +669,26 @@ GenerateType3Msg(const nsString &domain,
       NS_ERROR("failed to get NTLMv2 target info, can not do NTLMv2");
       return NS_ERROR_UNEXPECTED;
     }
 
     ToUpperCase(username, ucsUserUpperBuf);
     userUpperPtr = ucsUserUpperBuf.get();
     userUpperLen = ucsUserUpperBuf.Length() * 2;
 #ifdef IS_BIG_ENDIAN
-    WriteUnicodeLE((void *) userUpperPtr, reinterpret_cast<const char16_t*> (userUpperPtr),
+    WriteUnicodeLE(const_cast<void*>(userUpperPtr),
+                   static_cast<const char16_t*>(userUpperPtr),
                    ucsUserUpperBuf.Length());
 #endif
     ToUpperCase(domain, ucsDomainUpperBuf);
     domainUpperPtr = ucsDomainUpperBuf.get();
     domainUpperLen = ucsDomainUpperBuf.Length() * 2;
 #ifdef IS_BIG_ENDIAN
-    WriteUnicodeLE((void *) domainUpperPtr, reinterpret_cast<const char16_t*> (domainUpperPtr),
+    WriteUnicodeLE(const_cast<void*>(domainUpperPtr),
+                   static_cast<const char16_t*>(domainUpperPtr),
                    ucsDomainUpperBuf.Length());
 #endif
 
     NTLM_Hash(password, ntlmHash);
     ntlmHashStr = nsAutoCString(reinterpret_cast<const char *>(ntlmHash), NTLM_HASH_LEN);
 
     nsCOMPtr<nsIKeyObjectFactory> keyFactory =
         do_CreateInstance(NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &rv);
@@ -707,21 +712,22 @@ GenerateType3Msg(const nsString &domain,
         do_CreateInstance(NS_CRYPTO_HMAC_CONTRACTID, &rv);
     if (NS_FAILED(rv)) {
       return rv;
     }
     rv = hasher->Init(nsICryptoHMAC::MD5, ntlmKey);
     if (NS_FAILED(rv)) {
       return rv;
     }
-    rv = hasher->Update(reinterpret_cast<const uint8_t*> (userUpperPtr), userUpperLen);
+    rv = hasher->Update(static_cast<const uint8_t*>(userUpperPtr), userUpperLen);
     if (NS_FAILED(rv)) {
       return rv;
     }
-    rv = hasher->Update(reinterpret_cast<const uint8_t*> (domainUpperPtr), domainUpperLen);
+    rv = hasher->Update(static_cast<const uint8_t*>(domainUpperPtr),
+                        domainUpperLen);
     if (NS_FAILED(rv)) {
       return rv;
     }
     rv = hasher->Finish(false, ntlmv2HashStr);
     if (NS_FAILED(rv)) {
       return rv;
     }
 
@@ -887,64 +893,68 @@ GenerateType3Msg(const nsString &domain,
   offset += domainLen;
   offset += userLen;
   offset += hostLen;
   if (!offset.isValid()) {
     NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
     return NS_ERROR_UNEXPECTED;
   }
   cursor = WriteSecBuf(cursor, LM_RESP_LEN, offset.value());
-  memcpy((uint8_t *) *outBuf + offset.value(), lmResp, LM_RESP_LEN);
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), lmResp, LM_RESP_LEN);
 
   // 20 : NTLM or NTLMv2 response sec buf
   offset += LM_RESP_LEN;
   if (!offset.isValid()) {
     NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
     return NS_ERROR_UNEXPECTED;
   }
   cursor = WriteSecBuf(cursor, ntlmRespLen.value(), offset.value());
   if (ntlmv2) {
-    memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), ntlmv2Resp, NTLMv2_RESP_LEN);
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmv2Resp,
+           NTLMv2_RESP_LEN);
     offset += NTLMv2_RESP_LEN;
     if (!offset.isValid()) {
       NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
       return NS_ERROR_UNEXPECTED;
     }
-    memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), ntlmv2_blob1, NTLMv2_BLOB1_LEN);
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmv2_blob1,
+           NTLMv2_BLOB1_LEN);
     offset += NTLMv2_BLOB1_LEN;
     if (!offset.isValid()) {
       NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
       return NS_ERROR_UNEXPECTED;
     }
-    memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), msg.targetInfo, msg.targetInfoLen);
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), msg.targetInfo,
+           msg.targetInfoLen);
   } else {
-    memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), ntlmResp, NTLM_RESP_LEN);
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmResp,
+           NTLM_RESP_LEN);
   }
   // 28 : domain name sec buf
   offset = NTLM_TYPE3_HEADER_LEN;
   cursor = WriteSecBuf(cursor, domainLen, offset.value());
-  memcpy((uint8_t *) *outBuf + offset.value(), domainPtr, domainLen);
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), domainPtr, domainLen);
 
   // 36 : user name sec buf
   offset += domainLen;
   if (!offset.isValid()) {
     NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
     return NS_ERROR_UNEXPECTED;
   }
   cursor = WriteSecBuf(cursor, userLen, offset.value());
-  memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), userPtr, userLen);
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), userPtr, userLen);
 
   // 44 : workstation (host) name sec buf
   offset += userLen;
   if (!offset.isValid()) {
     NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
     return NS_ERROR_UNEXPECTED;
   }
   cursor = WriteSecBuf(cursor, hostLen, offset.value());
-  memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), hostPtr, hostLen);
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), hostPtr, hostLen);
 
   // 52 : session key sec buf (not used)
   cursor = WriteSecBuf(cursor, 0, 0);
 
   // 60 : negotiated flags
   cursor = WriteDWORD(cursor, msg.flags & NTLM_TYPE1_FLAGS);
 
   return NS_OK;
--- a/security/manager/ssl/nsPKCS12Blob.cpp
+++ b/security/manager/ssl/nsPKCS12Blob.cpp
@@ -508,19 +508,19 @@ nsPKCS12Blob::inputToDecoder(SEC_PKCS12D
 // C callback methods
 //
 
 // digest_open
 // prepare a memory buffer for reading/writing digests
 SECStatus
 nsPKCS12Blob::digest_open(void *arg, PRBool reading)
 {
-  nsPKCS12Blob *cx = reinterpret_cast<nsPKCS12Blob *>(arg);
+  auto cx = static_cast<nsPKCS12Blob*>(arg);
   NS_ENSURE_TRUE(cx, SECFailure);
-  
+
   if (reading) {
     NS_ENSURE_TRUE(cx->mDigest, SECFailure);
 
     delete cx->mDigestIterator;
     cx->mDigestIterator = new nsCString::const_iterator;
 
     if (!cx->mDigestIterator) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -543,68 +543,68 @@ nsPKCS12Blob::digest_open(void *arg, PRB
 }
 
 // digest_close
 // destroy a possibly active iterator
 // remove the data buffer if requested
 SECStatus
 nsPKCS12Blob::digest_close(void *arg, PRBool remove_it)
 {
-  nsPKCS12Blob *cx = reinterpret_cast<nsPKCS12Blob *>(arg);
+  auto cx = static_cast<nsPKCS12Blob*>(arg);
   NS_ENSURE_TRUE(cx, SECFailure);
 
   delete cx->mDigestIterator;
   cx->mDigestIterator = nullptr;
 
-  if (remove_it) {  
+  if (remove_it) {
     delete cx->mDigest;
     cx->mDigest = nullptr;
   }
-  
+
   return SECSuccess;
 }
 
 // digest_read
 // read bytes from the memory buffer
 int
 nsPKCS12Blob::digest_read(void *arg, unsigned char *buf, unsigned long len)
 {
-  nsPKCS12Blob *cx = reinterpret_cast<nsPKCS12Blob *>(arg);
+  auto cx = static_cast<nsPKCS12Blob*>(arg);
   NS_ENSURE_TRUE(cx, SECFailure);
   NS_ENSURE_TRUE(cx->mDigest, SECFailure);
 
   // iterator object must exist when digest has been opened in read mode
   NS_ENSURE_TRUE(cx->mDigestIterator, SECFailure);
 
   unsigned long available = cx->mDigestIterator->size_forward();
-  
+
   if (len > available)
     len = available;
 
   memcpy(buf, cx->mDigestIterator->get(), len);
   cx->mDigestIterator->advance(len);
-  
+
   return len;
 }
 
 // digest_write
 // append bytes to the memory buffer
 int
 nsPKCS12Blob::digest_write(void *arg, unsigned char *buf, unsigned long len)
 {
-  nsPKCS12Blob *cx = reinterpret_cast<nsPKCS12Blob *>(arg);
+  auto cx = static_cast<nsPKCS12Blob*>(arg);
   NS_ENSURE_TRUE(cx, SECFailure);
   NS_ENSURE_TRUE(cx->mDigest, SECFailure);
 
   // make sure we are in write mode, read iterator has not yet been allocated
   NS_ENSURE_FALSE(cx->mDigestIterator, SECFailure);
-  
+
   cx->mDigest->Append(reinterpret_cast<char *>(buf),
                      static_cast<uint32_t>(len));
-  
+
   return len;
 }
 
 // nickname_collision
 // what to do when the nickname collides with one already in the db.
 // TODO: not handled, throw a dialog allowing the nick to be changed?
 SECItem *
 nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
--- a/security/manager/ssl/nsRandomGenerator.cpp
+++ b/security/manager/ssl/nsRandomGenerator.cpp
@@ -24,17 +24,17 @@ nsRandomGenerator::GenerateRandomBytes(u
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   mozilla::UniquePK11SlotInfo slot(PK11_GetInternalSlot());
   if (!slot) {
     return NS_ERROR_FAILURE;
   }
 
-  uint8_t* buf = reinterpret_cast<uint8_t*>(moz_xmalloc(aLength));
+  auto buf = static_cast<uint8_t*>(moz_xmalloc(aLength));
   if (!buf) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
   SECStatus srv = PK11_GenerateRandomOnSlot(slot.get(), buf, aLength);
   if (srv != SECSuccess) {
     free(buf);
     return NS_ERROR_FAILURE;
--- a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
@@ -442,17 +442,17 @@ ConfigSecureServerWithNamedCert(PRFileDe
       PORT_ArenaAlloc(arena.get(), sizeof(CERTCertificateList))));
     if (!certList) {
       PrintPRError("PORT_ArenaAlloc failed");
       return SECFailure;
     }
     certList->arena = arena.release();
     // We also have to manually copy the certificates we care about to the
     // list, because there aren't any utility functions for that either.
-    certList->certs = reinterpret_cast<SECItem*>(
+    certList->certs = static_cast<SECItem*>(
       PORT_ArenaAlloc(certList->arena, 2 * sizeof(SECItem)));
     if (SECITEM_CopyItem(certList->arena, certList->certs, &cert->derCert)
           != SECSuccess) {
       PrintPRError("SECITEM_CopyItem failed");
       return SECFailure;
     }
     if (SECITEM_CopyItem(certList->arena, certList->certs + 1,
                          &issuerCert->derCert) != SECSuccess) {
gecko
Deployed from 91162187ad7b at 2025-06-09T17:11:07Z.