Bug 1323998 - Stop using Scoped.h NSS types in dtlsidentity.(cpp|h) and nricectx.cpp. r=mt
Scoped.h is deprecated.
MozReview-Commit-ID: IRFLV2mfN4J
--- a/dom/media/webrtc/RTCCertificate.cpp
+++ b/dom/media/webrtc/RTCCertificate.cpp
@@ -8,16 +8,17 @@
#include <cmath>
#include "cert.h"
#include "jsapi.h"
#include "mozilla/dom/CryptoKey.h"
#include "mozilla/dom/RTCCertificateBinding.h"
#include "mozilla/dom/WebCryptoCommon.h"
#include "mozilla/dom/WebCryptoTask.h"
+#include "mozilla/Move.h"
#include "mozilla/Sprintf.h"
#include <cstdio>
namespace mozilla {
namespace dom {
#define RTCCERTIFICATE_SC_VERSION 0x00000001
@@ -328,19 +329,19 @@ RTCCertificate::~RTCCertificate()
// creates before the RTCCertificate reference is released.
RefPtr<DtlsIdentity>
RTCCertificate::CreateDtlsIdentity() const
{
nsNSSShutDownPreventionLock locker;
if (isAlreadyShutDown() || !mPrivateKey || !mCertificate) {
return nullptr;
}
- SECKEYPrivateKey* key = SECKEY_CopyPrivateKey(mPrivateKey.get());
- CERTCertificate* cert = CERT_DupCertificate(mCertificate.get());
- RefPtr<DtlsIdentity> id = new DtlsIdentity(key, cert, mAuthType);
+ UniqueSECKEYPrivateKey key(SECKEY_CopyPrivateKey(mPrivateKey.get()));
+ UniqueCERTCertificate cert(CERT_DupCertificate(mCertificate.get()));
+ RefPtr<DtlsIdentity> id = new DtlsIdentity(Move(key), Move(cert), mAuthType);
return id;
}
JSObject*
RTCCertificate::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto)
{
return RTCCertificateBinding::Wrap(aCx, this, aGivenProto);
}
--- a/media/mtransport/dtlsidentity.cpp
+++ b/media/mtransport/dtlsidentity.cpp
@@ -14,72 +14,70 @@
#include "sechash.h"
#include "ssl.h"
#include "mozilla/Sprintf.h"
namespace mozilla {
RefPtr<DtlsIdentity> DtlsIdentity::Generate() {
- ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ UniquePK11SlotInfo slot(PK11_GetInternalSlot());
if (!slot) {
return nullptr;
}
uint8_t random_name[16];
- SECStatus rv = PK11_GenerateRandomOnSlot(slot, random_name,
+ SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), random_name,
sizeof(random_name));
if (rv != SECSuccess)
return nullptr;
std::string name;
char chunk[3];
for (size_t i = 0; i < sizeof(random_name); ++i) {
SprintfLiteral(chunk, "%.2x", random_name[i]);
name += chunk;
}
std::string subject_name_string = "CN=" + name;
- ScopedCERTName subject_name(CERT_AsciiToName(subject_name_string.c_str()));
+ UniqueCERTName subject_name(CERT_AsciiToName(subject_name_string.c_str()));
if (!subject_name) {
return nullptr;
}
unsigned char paramBuf[12]; // OIDs are small
SECItem ecdsaParams = { siBuffer, paramBuf, sizeof(paramBuf) };
SECOidData* oidData = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
if (!oidData || (oidData->oid.len > (sizeof(paramBuf) - 2))) {
return nullptr;
}
ecdsaParams.data[0] = SEC_ASN1_OBJECT_ID;
ecdsaParams.data[1] = oidData->oid.len;
memcpy(ecdsaParams.data + 2, oidData->oid.data, oidData->oid.len);
ecdsaParams.len = oidData->oid.len + 2;
- ScopedSECKEYPrivateKey private_key;
- ScopedSECKEYPublicKey public_key;
SECKEYPublicKey *pubkey;
-
- private_key =
- PK11_GenerateKeyPair(slot,
+ UniqueSECKEYPrivateKey private_key(
+ PK11_GenerateKeyPair(slot.get(),
CKM_EC_KEY_PAIR_GEN, &ecdsaParams, &pubkey,
- PR_FALSE, PR_TRUE, nullptr);
+ PR_FALSE, PR_TRUE, nullptr));
if (private_key == nullptr)
return nullptr;
- public_key = pubkey;
+ UniqueSECKEYPublicKey public_key(pubkey);
+ pubkey = nullptr;
- ScopedCERTSubjectPublicKeyInfo spki(
- SECKEY_CreateSubjectPublicKeyInfo(pubkey));
+ UniqueCERTSubjectPublicKeyInfo spki(
+ SECKEY_CreateSubjectPublicKeyInfo(public_key.get()));
if (!spki) {
return nullptr;
}
- ScopedCERTCertificateRequest certreq(
- CERT_CreateCertificateRequest(subject_name, spki, nullptr));
+ UniqueCERTCertificateRequest certreq(
+ CERT_CreateCertificateRequest(subject_name.get(), spki.get(), nullptr));
if (!certreq) {
return nullptr;
}
// From 1 day before todayto 30 days after.
// This is a sort of arbitrary range designed to be valid
// now with some slack in case the other side expects
// some before expiry.
@@ -89,32 +87,33 @@ RefPtr<DtlsIdentity> DtlsIdentity::Gener
static const PRTime oneDay = PRTime(PR_USEC_PER_SEC)
* PRTime(60) // sec
* PRTime(60) // min
* PRTime(24); // hours
PRTime now = PR_Now();
PRTime notBefore = now - oneDay;
PRTime notAfter = now + (PRTime(30) * oneDay);
- ScopedCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
+ UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
if (!validity) {
return nullptr;
}
unsigned long serial;
// Note: This serial in principle could collide, but it's unlikely
- rv = PK11_GenerateRandomOnSlot(slot,
+ rv = PK11_GenerateRandomOnSlot(slot.get(),
reinterpret_cast<unsigned char *>(&serial),
sizeof(serial));
if (rv != SECSuccess) {
return nullptr;
}
- ScopedCERTCertificate certificate(
- CERT_CreateCertificate(serial, subject_name, validity, certreq));
+ UniqueCERTCertificate certificate(
+ CERT_CreateCertificate(serial, subject_name.get(), validity.get(),
+ certreq.get()));
if (!certificate) {
return nullptr;
}
PLArenaPool *arena = certificate->arena;
rv = SECOID_SetAlgorithmID(arena, &certificate->signature,
SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, 0);
@@ -124,36 +123,37 @@ RefPtr<DtlsIdentity> DtlsIdentity::Gener
// Set version to X509v3.
*(certificate->version.data) = SEC_CERTIFICATE_VERSION_3;
certificate->version.len = 1;
SECItem innerDER;
innerDER.len = 0;
innerDER.data = nullptr;
- if (!SEC_ASN1EncodeItem(arena, &innerDER, certificate,
+ if (!SEC_ASN1EncodeItem(arena, &innerDER, certificate.get(),
SEC_ASN1_GET(CERT_CertificateTemplate))) {
return nullptr;
}
SECItem *signedCert = PORT_ArenaZNew(arena, SECItem);
if (!signedCert) {
return nullptr;
}
rv = SEC_DerSignData(arena, signedCert, innerDER.data, innerDER.len,
- private_key,
+ private_key.get(),
SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE);
if (rv != SECSuccess) {
return nullptr;
}
certificate->derCert = *signedCert;
- RefPtr<DtlsIdentity> identity =
- new DtlsIdentity(private_key.forget(), certificate.forget(), ssl_kea_ecdh);
+ RefPtr<DtlsIdentity> identity = new DtlsIdentity(Move(private_key),
+ Move(certificate),
+ ssl_kea_ecdh);
return identity.forget();
}
const std::string DtlsIdentity::DEFAULT_HASH_ALGORITHM = "sha-256";
nsresult DtlsIdentity::ComputeFingerprint(const std::string algorithm,
uint8_t *digest,
size_t size,
--- a/media/mtransport/dtlsidentity.h
+++ b/media/mtransport/dtlsidentity.h
@@ -4,42 +4,43 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef dtls_identity_h__
#define dtls_identity_h__
#include <string>
#include "m_cpp_utils.h"
+#include "mozilla/Move.h"
#include "mozilla/RefPtr.h"
#include "nsISupportsImpl.h"
+#include "ScopedNSSTypes.h"
#include "sslt.h"
-#include "ScopedNSSTypes.h"
// All code in this module requires NSS to be live.
// Callers must initialize NSS and implement the nsNSSShutdownObject
// protocol.
namespace mozilla {
class DtlsIdentity final {
public:
// This constructor takes ownership of privkey and cert.
- DtlsIdentity(SECKEYPrivateKey *privkey,
- CERTCertificate *cert,
+ DtlsIdentity(UniqueSECKEYPrivateKey privkey,
+ UniqueCERTCertificate cert,
SSLKEAType authType)
- : private_key_(privkey), cert_(cert), auth_type_(authType) {}
+ : private_key_(Move(privkey)), cert_(Move(cert)), auth_type_(authType) {}
// This is only for use in tests, or for external linkage. It makes a (bad)
// instance of this class.
static RefPtr<DtlsIdentity> Generate();
// These don't create copies or transfer ownership. If you want these to live
// on, make a copy.
const UniqueCERTCertificate& cert() const { return cert_; }
- SECKEYPrivateKey *privkey() const { return private_key_; }
+ const UniqueSECKEYPrivateKey& privkey() const { return private_key_; }
// Note: this uses SSLKEAType because that is what the libssl API requires.
// This is a giant confusing mess, but libssl indexes certificates based on a
// key exchange type, not authentication type (as you might have reasonably
// expected).
SSLKEAType auth_type() const { return auth_type_; }
nsresult ComputeFingerprint(const std::string algorithm,
uint8_t *digest,
@@ -57,14 +58,14 @@ class DtlsIdentity final {
};
NS_INLINE_DECL_THREADSAFE_REFCOUNTING(DtlsIdentity)
private:
~DtlsIdentity() {}
DISALLOW_COPY_ASSIGN(DtlsIdentity);
- ScopedSECKEYPrivateKey private_key_;
+ UniqueSECKEYPrivateKey private_key_;
UniqueCERTCertificate cert_;
SSLKEAType auth_type_;
};
} // close namespace
#endif
--- a/media/mtransport/nricectx.cpp
+++ b/media/mtransport/nricectx.cpp
@@ -109,21 +109,21 @@ MOZ_MTLOG_MODULE("mtransport")
const char kNrIceTransportUdp[] = "udp";
const char kNrIceTransportTcp[] = "tcp";
static bool initialized = false;
// Implement NSPR-based crypto algorithms
static int nr_crypto_nss_random_bytes(UCHAR *buf, int len) {
- ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ UniquePK11SlotInfo slot(PK11_GetInternalSlot());
if (!slot)
return R_INTERNAL;
- SECStatus rv = PK11_GenerateRandomOnSlot(slot, buf, len);
+ SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), buf, len);
if (rv != SECSuccess)
return R_INTERNAL;
return 0;
}
static int nr_crypto_nss_hmac(UCHAR *key, int keyl, UCHAR *buf, int bufl,
UCHAR *result) {
--- a/media/mtransport/transportlayerdtls.cpp
+++ b/media/mtransport/transportlayerdtls.cpp
@@ -513,17 +513,17 @@ bool TransportLayerDtls::Setup() {
if (rv != SECSuccess) {
MOZ_MTLOG(ML_ERROR, "Couldn't set identity");
return false;
}
} else {
MOZ_MTLOG(ML_INFO, "Setting up DTLS as server");
// Server side
rv = SSL_ConfigSecureServer(ssl_fd.get(), identity_->cert().get(),
- identity_->privkey(),
+ identity_->privkey().get(),
identity_->auth_type());
if (rv != SECSuccess) {
MOZ_MTLOG(ML_ERROR, "Couldn't set identity");
return false;
}
UniqueCERTCertList zero_certs(CERT_NewCertList());
rv = SSL_SetTrustAnchors(ssl_fd.get(), zero_certs.get());
@@ -1085,17 +1085,17 @@ SECStatus TransportLayerDtls::GetClientA
}
*pRetCert = CERT_DupCertificate(stream->identity_->cert().get());
if (!*pRetCert) {
PR_SetError(PR_OUT_OF_MEMORY_ERROR, 0);
return SECFailure;
}
- *pRetKey = SECKEY_CopyPrivateKey(stream->identity_->privkey());
+ *pRetKey = SECKEY_CopyPrivateKey(stream->identity_->privkey().get());
if (!*pRetKey) {
CERT_DestroyCertificate(*pRetCert);
*pRetCert = nullptr;
PR_SetError(PR_OUT_OF_MEMORY_ERROR, 0);
return SECFailure;
}
return SECSuccess;
--- a/security/manager/ssl/ScopedNSSTypes.h
+++ b/security/manager/ssl/ScopedNSSTypes.h
@@ -57,29 +57,19 @@ MapSECStatus(SECStatus rv)
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
// Alphabetical order by NSS type
// Deprecated: use the equivalent UniquePtr templates instead.
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificate,
CERTCertificate,
CERT_DestroyCertificate)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificateRequest,
- CERTCertificateRequest,
- CERT_DestroyCertificateRequest)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTName,
- CERTName,
- CERT_DestroyName)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTSubjectPublicKeyInfo,
CERTSubjectPublicKeyInfo,
SECKEY_DestroySubjectPublicKeyInfo)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTValidity,
- CERTValidity,
- CERT_DestroyValidity)
-// Deprecated: use the equivalent UniquePtr templates instead.
namespace internal {
inline void
PK11_DestroyContext_true(PK11Context * ctx) {
PK11_DestroyContext(ctx, true);
}