Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-09 11:25:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 802378: Make PSM coding patterns more consistent, and more consistent with Mozilla Coding Style, r=keeler

Browse Source 
--HG--
extra : rebase_source : 46fde9231dd69356221c0c5a7042a7b2d3dd0cf6
This commit is contained in:
Brian Smith 2012-10-17 13:48:36 -07:00
parent 51ea78a2f8
commit 80f3ffb006
48 changed files with 463 additions and 632 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
security/manager/boot/src/nsBOOTModule.cpp
View File

@ -21,11 +21,11 @@ NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID);
NS_DEFINE_NAMED_CID(NS_STRICT_TRANSPORT_SECURITY_CID);
static const mozilla::Module::CIDEntry kBOOTCIDs[] = {
{ &kNS_ENTROPYCOLLECTOR_CID, false, NULL, nsEntropyCollectorConstructor },
{ &kNS_SECURITYWARNINGDIALOGS_CID, false, NULL, nsSecurityWarningDialogsConstructor },
{ &kNS_SECURE_BROWSER_UI_CID, false, NULL, nsSecureBrowserUIImplConstructor },
{ &kNS_STRICT_TRANSPORT_SECURITY_CID, false, NULL, nsStrictTransportSecurityServiceConstructor },
{ NULL }
{ &kNS_ENTROPYCOLLECTOR_CID, false, nullptr, nsEntropyCollectorConstructor },
{ &kNS_SECURITYWARNINGDIALOGS_CID, false, nullptr, nsSecurityWarningDialogsConstructor },
{ &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor },
{ &kNS_STRICT_TRANSPORT_SECURITY_CID, false, nullptr, nsStrictTransportSecurityServiceConstructor },
{ nullptr }
};
static const mozilla::Module::ContractIDEntry kBOOTContracts[] = {
@ -33,7 +33,7 @@ static const mozilla::Module::ContractIDEntry kBOOTContracts[] = {
{ NS_SECURITYWARNINGDIALOGS_CONTRACTID, &kNS_SECURITYWARNINGDIALOGS_CID },
{ NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
{ NS_STSSERVICE_CONTRACTID, &kNS_STRICT_TRANSPORT_SECURITY_CID },
{ NULL }
{ nullptr }
};
static const mozilla::Module kBootModule = {

1
security/manager/boot/src/nsEntropyCollector.cpp
View File

@ -5,7 +5,6 @@
#include "prlog.h"
#include "nsEntropyCollector.h"
#include "nsMemory.h"
#include "nsAlgorithm.h"
nsEntropyCollector::nsEntropyCollector()

7
security/manager/boot/src/nsSecurityWarningDialogs.cpp
View File

@ -15,7 +15,6 @@
#include "nsIPrefService.h"
#include "nsIPrefBranch.h"
#include "nsThreadUtils.h"
#include "nsAutoPtr.h"
#include "mozilla/Telemetry.h"
#include "nsISecurityUITelemetry.h"
@ -264,7 +263,7 @@ nsSecurityWarningDialogs::ConfirmDialog(nsIInterfaceRequestor *ctx, const char *
// prefName, showAgainName are null if there is no preference for this dialog
bool prefValue = true;
if (prefName != nullptr) {
if (prefName) {
rv = mPrefBranch->GetBoolPref(prefName, &prefValue);
if (NS_FAILED(rv)) prefValue = true;
}
@ -298,7 +297,7 @@ nsSecurityWarningDialogs::ConfirmDialog(nsIInterfaceRequestor *ctx, const char *
getter_Copies(windowTitle));
mStringBundle->GetStringFromName(messageName,
getter_Copies(message));
if (showAgainName != nullptr) {
if (showAgainName) {
mStringBundle->GetStringFromName(showAgainName,
getter_Copies(alertMe));
}
@ -339,7 +338,7 @@ nsSecurityWarningDialogs::ConfirmDialog(nsIInterfaceRequestor *ctx, const char *
mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI, aBucket + 1);
}
if (!prefValue && prefName != nullptr) {
if (!prefValue && prefName) {
mPrefBranch->SetBoolPref(prefName, false);
} else if (prefValue && showOnce) {
mPrefBranch->SetBoolPref(showOncePref.get(), false);

12
security/manager/pki/src/nsPKIModule.cpp
View File

@ -24,11 +24,11 @@ NS_DEFINE_NAMED_CID(NS_FORMSIGNINGDIALOG_CID);
static const mozilla::Module::CIDEntry kPKICIDs[] = {
{ &kNS_NSSDIALOGS_CID, false, NULL, nsNSSDialogsConstructor },
{ &kNS_NSSASN1OUTINER_CID, false, NULL, nsNSSASN1TreeConstructor },
{ &kNS_PKIPARAMBLOCK_CID, false, NULL, nsPKIParamBlockConstructor },
{ &kNS_FORMSIGNINGDIALOG_CID, false, NULL, nsFormSigningDialogConstructor },
{ NULL }
{ &kNS_NSSDIALOGS_CID, false, nullptr, nsNSSDialogsConstructor },
{ &kNS_NSSASN1OUTINER_CID, false, nullptr, nsNSSASN1TreeConstructor },
{ &kNS_PKIPARAMBLOCK_CID, false, nullptr, nsPKIParamBlockConstructor },
{ &kNS_FORMSIGNINGDIALOG_CID, false, nullptr, nsFormSigningDialogConstructor },
{ nullptr }
};
static const mozilla::Module::ContractIDEntry kPKIContracts[] = {
@ -43,7 +43,7 @@ static const mozilla::Module::ContractIDEntry kPKIContracts[] = {
{ NS_ASN1TREE_CONTRACTID, &kNS_NSSASN1OUTINER_CID },
{ NS_PKIPARAMBLOCK_CONTRACTID, &kNS_PKIPARAMBLOCK_CID },
{ NS_FORMSIGNINGDIALOG_CONTRACTID, &kNS_FORMSIGNINGDIALOG_CID },
{ NULL }
{ nullptr }
};
static const mozilla::Module kPKIModule = {

4
security/manager/pki/src/nsPKIParamBlock.cpp
View File

@ -20,7 +20,7 @@ nsresult
nsPKIParamBlock::Init()
{
mDialogParamBlock = do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID);
return (mDialogParamBlock == nullptr) ? NS_ERROR_OUT_OF_MEMORY : NS_OK;
return !mDialogParamBlock ? NS_ERROR_OUT_OF_MEMORY : NS_OK;
}
nsPKIParamBlock::~nsPKIParamBlock()
@ -79,7 +79,7 @@ nsPKIParamBlock::SetISupportAtIndex(int32_t index, nsISupports *object)
{
if (!mSupports) {
mSupports = do_CreateInstance(NS_SUPPORTSARRAY_CONTRACTID);
if (mSupports == nullptr) {
if (!mSupports) {
return NS_ERROR_OUT_OF_MEMORY;
}
}

45
security/manager/ssl/src/SSLServerCertVerification.cpp
View File

@ -221,7 +221,7 @@ public:
void Dispatch();
private:
const nsRefPtr<TransportSecurityInfo> mInfoObject;
const RefPtr<TransportSecurityInfo> mInfoObject;
public:
const PRErrorCode mErrorCode;
const SSLErrorMessageType mErrorMessageType;
@ -248,13 +248,13 @@ class CertErrorRunnable : public SyncRunnableBase
}
virtual void RunOnTargetThread();
nsRefPtr<SSLServerCertVerificationResult> mResult; // out
RefPtr<SSLServerCertVerificationResult> mResult; // out
private:
SSLServerCertVerificationResult *CheckCertOverrides();
const void * const mFdForLogging; // may become an invalid pointer; do not dereference
const nsCOMPtr<nsIX509Cert> mCert;
const nsRefPtr<TransportSecurityInfo> mInfoObject;
const RefPtr<TransportSecurityInfo> mInfoObject;
const PRErrorCode mDefaultErrorCodeToReport;
const uint32_t mCollectedErrors;
const PRErrorCode mErrorCodeTrust;
@ -427,8 +427,7 @@ CreateCertErrorRunnable(PRErrorCode defaultErrorCodeToReport,
return nullptr;
}
nsRefPtr<nsNSSCertificate> nssCert;
nssCert = nsNSSCertificate::Create(cert);
RefPtr<nsNSSCertificate> nssCert(nsNSSCertificate::Create(cert));
if (!nssCert) {
NS_ERROR("nsNSSCertificate::Create failed");
PR_SetError(SEC_ERROR_NO_MEMORY, 0);
@ -445,7 +444,7 @@ CreateCertErrorRunnable(PRErrorCode defaultErrorCodeToReport,
return nullptr;
}
nsRefPtr<nsCERTValInParamWrapper> survivingParams;
RefPtr<nsCERTValInParamWrapper> survivingParams;
nsrv = inss->GetDefaultCERTValInParam(survivingParams);
if (NS_FAILED(nsrv)) {
NS_ERROR("GetDefaultCERTValInParam failed");
@ -472,7 +471,7 @@ CreateCertErrorRunnable(PRErrorCode defaultErrorCodeToReport,
srv = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), cert,
true, certificateUsageSSLServer,
PR_Now(), static_cast<void*>(infoObject),
verify_log, NULL);
verify_log, nullptr);
}
else {
CERTValOutParam cvout[2];
@ -591,7 +590,7 @@ private:
}
return rv;
}
nsRefPtr<CertErrorRunnable> mCertErrorRunnable;
RefPtr<CertErrorRunnable> mCertErrorRunnable;
};
class SSLServerCertVerificationJob : public nsRunnable
@ -611,7 +610,7 @@ private:
~SSLServerCertVerificationJob();
const void * const mFdForLogging;
const nsRefPtr<TransportSecurityInfo> mInfoObject;
const RefPtr<TransportSecurityInfo> mInfoObject;
CERTCertificate * const mCert;
};
@ -644,7 +643,7 @@ PSM_SSL_PKIX_AuthCertificate(CERTCertificate *peerCert, void * pinarg,
nsCOMPtr<nsINSSComponent> inss = do_GetService(kNSSComponentCID, &nsrv);
if (!inss)
return SECFailure;
nsRefPtr<nsCERTValInParamWrapper> survivingParams;
RefPtr<nsCERTValInParamWrapper> survivingParams;
if (NS_FAILED(inss->GetDefaultCERTValInParam(survivingParams)))
return SECFailure;
@ -777,7 +776,7 @@ BlockServerCertChangeForSpdy(nsNSSSocketInfo *infoObject,
nsCOMPtr<nsIX509Cert> cert;
nsCOMPtr<nsIX509Cert2> cert2;
nsRefPtr<nsSSLStatus> status = infoObject->SSLStatus();
RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
if (!status) {
// If we didn't have a status, then this is the
// first handshake on this connection, not a
@ -873,8 +872,8 @@ AuthCertificate(TransportSecurityInfo * infoObject, CERTCertificate * cert)
// complete chain at any time it might need it.
// But we keep only those CA certs in the temp db, that we didn't already know.
nsRefPtr<nsSSLStatus> status = infoObject->SSLStatus();
nsRefPtr<nsNSSCertificate> nsc;
RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
RefPtr<nsNSSCertificate> nsc;
if (!status || !status->mServerCert) {
nsc = nsNSSCertificate::Create(cert);
@ -992,8 +991,8 @@ SSLServerCertVerificationJob::Dispatch(const void * fdForLogging,
return SECFailure;
}
nsRefPtr<SSLServerCertVerificationJob> job
= new SSLServerCertVerificationJob(fdForLogging, infoObject, serverCert);
RefPtr<SSLServerCertVerificationJob> job(
new SSLServerCertVerificationJob(fdForLogging, infoObject, serverCert));
nsresult nrv;
if (!gCertVerificationThreadPool) {
@ -1039,16 +1038,16 @@ SSLServerCertVerificationJob::Run()
PR_SetError(0, 0);
SECStatus rv = AuthCertificate(mInfoObject, mCert);
if (rv == SECSuccess) {
nsRefPtr<SSLServerCertVerificationResult> restart
= new SSLServerCertVerificationResult(mInfoObject, 0);
RefPtr<SSLServerCertVerificationResult> restart(
new SSLServerCertVerificationResult(mInfoObject, 0));
restart->Dispatch();
return NS_OK;
}
error = PR_GetError();
if (error != 0) {
nsRefPtr<CertErrorRunnable> runnable = CreateCertErrorRunnable(
error, mInfoObject, mCert, mFdForLogging);
RefPtr<CertErrorRunnable> runnable(CreateCertErrorRunnable(
error, mInfoObject, mCert, mFdForLogging));
if (!runnable) {
// CreateCertErrorRunnable set a new error code
error = PR_GetError();
@ -1084,8 +1083,8 @@ SSLServerCertVerificationJob::Run()
error = PR_INVALID_STATE_ERROR;
}
nsRefPtr<SSLServerCertVerificationResult> failure
= new SSLServerCertVerificationResult(mInfoObject, error);
RefPtr<SSLServerCertVerificationResult> failure(
new SSLServerCertVerificationResult(mInfoObject, error));
failure->Dispatch();
return NS_OK;
}
@ -1165,9 +1164,9 @@ AuthCertificateHook(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
PRErrorCode error = PR_GetError();
if (error != 0) {
nsRefPtr<CertErrorRunnable> runnable = CreateCertErrorRunnable(
RefPtr<CertErrorRunnable> runnable(CreateCertErrorRunnable(
error, socketInfo, serverCert,
static_cast<const void *>(fd));
static_cast<const void *>(fd)));
if (!runnable) {
// CreateCertErrorRunnable sets a new error code when it fails
error = PR_GetError();

3
security/manager/ssl/src/ScopedNSSTypes.h
View File

@ -9,15 +9,12 @@
#include "mozilla/Scoped.h"
extern "C" {
#include "prio.h"
#include "cert.h"
#include "cms.h"
#include "keyhi.h"
#include "pk11pub.h"
#include "sechash.h"
} // extern "C"
// Alphabetical order by NSS type
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPRFileDesc,

15
security/manager/ssl/src/TransportSecurityInfo.cpp
View File

@ -253,7 +253,7 @@ TransportSecurityInfo::GetErrorMessage(PRUnichar** aText)
}
*aText = ToNewUnicode(mErrorMessageCached);
return *aText != nullptr ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
return *aText ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
void
@ -338,9 +338,6 @@ TransportSecurityInfo::GetInterface(const nsIID & uuid, void * *result)
nsresult rv;
if (!mCallbacks) {
nsCOMPtr<nsIInterfaceRequestor> ir = new PipUIContext();
if (!ir)
return NS_ERROR_OUT_OF_MEMORY;
rv = ir->GetInterface(uuid, result);
} else {
rv = mCallbacks->GetInterface(uuid, result);
@ -360,7 +357,7 @@ TransportSecurityInfo::Write(nsIObjectOutputStream* stream)
MutexAutoLock lock(mMutex);
nsRefPtr<nsSSLStatus> status = mSSLStatus;
RefPtr<nsSSLStatus> status(mSSLStatus);
nsCOMPtr<nsISerializable> certSerializable;
// Write a redundant copy of the certificate for backward compatibility
@ -742,7 +739,7 @@ GetSubjectAltNames(CERTCertificate *nssCert,
nameCount = 0;
PLArenaPool *san_arena = nullptr;
SECItem altNameExtension = {siBuffer, NULL, 0 };
SECItem altNameExtension = {siBuffer, nullptr, 0 };
CERTGeneralName *sanNameList = nullptr;
SECStatus rv = CERT_FindCertExtension(nssCert, SEC_OID_X509_SUBJECT_ALT_NAME,
@ -820,7 +817,7 @@ AppendErrorTextMismatch(const nsString &host,
const PRUnichar *params[1];
nsresult rv;
CERTCertificate *nssCert = NULL;
CERTCertificate *nssCert = nullptr;
CERTCertificateCleaner nssCertCleaner(nssCert);
nsCOMPtr<nsIX509Cert2> cert2 = do_QueryInterface(ix509, &rv);
@ -1055,8 +1052,8 @@ formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
returnedMessage.Append(NS_LITERAL_STRING("\n\n"));
nsRefPtr<nsIX509Cert> ix509;
rv = sslStatus.GetServerCert(getter_AddRefs(ix509));
RefPtr<nsIX509Cert> ix509;
rv = sslStatus.GetServerCert(byRef(ix509));
NS_ENSURE_SUCCESS(rv, rv);
bool isUntrusted;

3
security/manager/ssl/src/TransportSecurityInfo.h
View File

@ -9,6 +9,7 @@
#include "certt.h"
#include "mozilla/Mutex.h"
#include "mozilla/RefPtr.h"
#include "nsIInterfaceRequestor.h"
#include "nsITransportSecurityInfo.h"
#include "nsSSLStatus.h"
@ -107,7 +108,7 @@ private:
PRErrorCode mIsCertIssuerBlacklisted;
/* SSL Status */
nsRefPtr<nsSSLStatus> mSSLStatus;
mozilla::RefPtr<nsSSLStatus> mSSLStatus;
virtual void virtualDestroyNSSReference();
void destructorSafeDestroyNSSReference();

2
security/manager/ssl/src/nsCERTValInParamWrapper.h
View File

@ -26,7 +26,7 @@
* In order to protect against the race, we use a reference counted wrapper.
* Each user of a foreign nsCERTValInParamWrapper object
* (e.g. the current global default object)
* must use nsRefPtr<nsCERTValInParamWrapper> = other-object
* must use RefPtr<nsCERTValInParamWrapper> = other-object
* prior to calling CERT_PKIXVerifyCert.
*
* This guarantees the object will still be alive after the call,

36
security/manager/ssl/src/nsCMS.cpp
View File

@ -16,12 +16,16 @@
#include "nsCERTValInParamWrapper.h"
#include "prlog.h"
#include "nsNSSCleaner.h"
#include "nsNSSComponent.h"
#ifdef PR_LOGGING
extern PRLogModuleInfo* gPIPNSSLog;
#endif
#include "nsNSSCleaner.h"
#include "nsNSSComponent.h"
using namespace mozilla;
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
@ -180,7 +184,7 @@ NS_IMETHODIMP nsCMSMessage::GetSignerCert(nsIX509Cert **scert)
}
else {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::GetSignerCert no signer cert, do we have a cert list? %s\n",
(si->certList != nullptr ? "yes" : "no") ));
(si->certList ? "yes" : "no") ));
*scert = nullptr;
}
@ -217,7 +221,7 @@ nsresult nsCMSMessage::CommonVerifySignature(unsigned char* aDigestData, uint32_
NSSCMSSignerInfo *si;
int32_t nsigners;
nsresult rv = NS_ERROR_FAILURE;
nsRefPtr<nsCERTValInParamWrapper> survivingParams;
RefPtr<nsCERTValInParamWrapper> survivingParams;
nsCOMPtr<nsINSSComponent> inss;
if (!NSS_CMSMessage_IsSigned(m_cmsMsg)) {
@ -265,7 +269,7 @@ nsresult nsCMSMessage::CommonVerifySignature(unsigned char* aDigestData, uint32_
if (!nsNSSComponent::globalConstFlagUsePKIXVerification) {
if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), si->cert, true,
certificateUsageEmailSigner,
si->cmsg->pwfn_arg, NULL) != SECSuccess) {
si->cmsg->pwfn_arg, nullptr) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - signing cert not trusted now\n"));
rv = NS_ERROR_CMS_VERIFY_UNTRUSTED;
goto loser;
@ -367,18 +371,10 @@ nsresult nsCMSMessage::CommonAsyncVerifySignature(nsISMimeVerificationListener *
unsigned char* aDigestData, uint32_t aDigestDataLen)
{
nsSMimeVerificationJob *job = new nsSMimeVerificationJob;
if (!job)
return NS_ERROR_OUT_OF_MEMORY;
if (aDigestData)
{
job->digest_data = new unsigned char[aDigestDataLen];
if (!job->digest_data)
{
delete job;
return NS_ERROR_OUT_OF_MEMORY;
}
memcpy(job->digest_data, aDigestData, aDigestDataLen);
}
else
@ -557,8 +553,8 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsIArray * aRecipientCerts)
goto loser;
}
m_cmsMsg = NSS_CMSMessage_Create(NULL);
if (m_cmsMsg == nullptr) {
m_cmsMsg = NSS_CMSMessage_Create(nullptr);
if (!m_cmsMsg) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create new cms message\n"));
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
@ -640,8 +636,8 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
/*
* create the message object
*/
m_cmsMsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */
if (m_cmsMsg == NULL) {
m_cmsMsg = NSS_CMSMessage_Create(nullptr); /* create a message on its own pool */
if (!m_cmsMsg) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create new message\n"));
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
@ -650,7 +646,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
/*
* build chain of objects: message->signedData->data
*/
if ((sigd = NSS_CMSSignedData_Create(m_cmsMsg)) == NULL) {
if ((sigd = NSS_CMSSignedData_Create(m_cmsMsg)) == nullptr) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create signed data\n"));
goto loser;
}
@ -674,7 +670,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
* create & attach signer information
*/
if ((signerinfo = NSS_CMSSignerInfo_Create(m_cmsMsg, scert, SEC_OID_SHA1))
== NULL) {
== nullptr) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create signer info\n"));
goto loser;
}
@ -881,7 +877,7 @@ NS_IMETHODIMP nsCMSEncoder::Start(nsICMSMessage *aMsg, NSSCMSContentCallback cb,
m_ctx = new PipUIContext();
m_ecx = NSS_CMSEncoder_Start(cmsMsg->getCMS(), cb, arg, 0, 0, 0, m_ctx, 0, 0, 0, 0);
if (m_ecx == nullptr) {
if (!m_ecx) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Start - can't start encoder\n"));
return NS_ERROR_FAILURE;
}

7
security/manager/ssl/src/nsCMSSecureMessage.cpp
View File

@ -3,7 +3,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsMemory.h"
#include "nsXPIDLString.h"
#include "nsCOMPtr.h"
#include "nsISupports.h"
@ -147,7 +146,7 @@ SendMessage(const char *msg, const char *base64Cert, char ** _retval)
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
/* Step 0. Create a CMS Message */
cmsMsg = NSS_CMSMessage_Create(NULL);
cmsMsg = NSS_CMSMessage_Create(nullptr);
if (!cmsMsg) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create NSSCMSMessage\n"));
rv = NS_ERROR_FAILURE;
@ -316,7 +315,7 @@ encode(const unsigned char *data, int32_t dataLen, char **_retval)
{
nsresult rv = NS_OK;
*_retval = PL_Base64Encode((const char *)data, dataLen, NULL);
*_retval = PL_Base64Encode((const char *)data, dataLen, nullptr);
if (!*_retval) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
loser:
@ -337,7 +336,7 @@ decode(const char *data, unsigned char **result, int32_t * _retval)
if (data[len-2] == '=') adjust++;
}
*result = (unsigned char *)PL_Base64Decode(data, len, NULL);
*result = (unsigned char *)PL_Base64Decode(data, len, nullptr);
if (!*result) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::decode - error decoding base64\n"));
rv = NS_ERROR_ILLEGAL_VALUE;

2
security/manager/ssl/src/nsCRLInfo.cpp
View File

@ -14,7 +14,6 @@
#include "nsNSSShutDown.h"
#include "nspr.h"
extern "C" {
#include "pk11func.h"
#include "certdb.h"
#include "cert.h"
@ -22,7 +21,6 @@ extern "C" {
#include "nssb64.h"
#include "secasn1.h"
#include "secder.h"
}
NS_IMPL_ISUPPORTS1(nsCRLInfo, nsICRLInfo)

12
security/manager/ssl/src/nsCRLManager.cpp
View File

@ -20,7 +20,6 @@
#include "nsNSSCertHeader.h"
#include "nspr.h"
extern "C" {
#include "pk11func.h"
#include "certdb.h"
#include "cert.h"
@ -28,7 +27,6 @@ extern "C" {
#include "nssb64.h"
#include "secasn1.h"
#include "secder.h"
}
#include "ssl.h"
#include "ocsp.h"
#include "plbase64.h"
@ -55,9 +53,9 @@ nsCRLManager::ImportCrl (uint8_t *aData, uint32_t aLength, nsIURI * aURI, uint32
nsNSSShutDownPreventionLock locker;
nsresult rv;
PLArenaPool *arena = NULL;
PLArenaPool *arena = nullptr;
CERTCertificate *caCert;
SECItem derName = { siBuffer, NULL, 0 };
SECItem derName = { siBuffer, nullptr, 0 };
SECItem derCrl;
CERTSignedData sd;
SECStatus sec_rv;
@ -182,7 +180,7 @@ done:
}
}
} else {
if(crlKey == nullptr){
if (!crlKey) {
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsIPrefService> prefSvc = do_GetService(NS_PREFSERVICE_CONTRACTID,&rv);
@ -328,7 +326,7 @@ nsCRLManager::GetCrls(nsIArray ** aCrls)
}
if (head) {
for (node=head->first; node != nullptr; node = node->next) {
for (node=head->first; node; node = node->next) {
nsCOMPtr<nsICRLInfo> entry = new nsCRLInfo((node->crl));
crlsArray->AppendElement(entry, false);
@ -363,7 +361,7 @@ nsCRLManager::DeleteCrl(uint32_t aCrlIndex)
}
if (head) {
for (i = 0, node=head->first; node != nullptr; i++, node = node->next) {
for (i = 0, node=head->first; node; i++, node = node->next) {
if (i != aCrlIndex) {
continue;
}

5
security/manager/ssl/src/nsCertOverrideService.cpp
View File

@ -18,7 +18,6 @@
#include "nsPromiseFlatString.h"
#include "nsThreadUtils.h"
#include "nsStringBuffer.h"
#include "nsAutoPtr.h"
#include "nspr.h"
#include "pk11pub.h"
#include "certdb.h"
@ -510,7 +509,7 @@ nsCertOverrideService::RememberValidityOverride(const nsACString & aHostName, in
if (NS_FAILED(rv))
return rv;
char *dbkey = NULL;
char *dbkey = nullptr;
rv = aCert->GetDbKey(&dbkey);
if (NS_FAILED(rv) || !dbkey)
return rv;
@ -697,7 +696,7 @@ nsCertOverrideService::GetAllOverrideHostsWithPorts(uint32_t *aCount,
static bool
matchesDBKey(nsIX509Cert *cert, const char *match_dbkey)
{
char *dbkey = NULL;
char *dbkey = nullptr;
nsresult rv = cert->GetDbKey(&dbkey);
if (NS_FAILED(rv) || !dbkey)
return false;

70
security/manager/ssl/src/nsCertTree.cpp
View File

@ -22,13 +22,15 @@
#include "nsTHashtable.h"
#include "nsHashKeys.h"
#include "prlog.h"
#include "nsNSSCleaner.h"
using namespace mozilla;
#ifdef PR_LOGGING
extern PRLogModuleInfo* gPIPNSSLog;
#endif
#include "nsNSSCleaner.h"
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
@ -161,7 +163,7 @@ nsCertTreeDispInfo::GetHostPort(nsAString &aHostPort)
NS_IMPL_ISUPPORTS2(nsCertTree, nsICertTree, nsITreeView)
nsCertTree::nsCertTree() : mTreeArray(NULL)
nsCertTree::nsCertTree() : mTreeArray(nullptr)
{
mCompareCache.ops = nullptr;
mNSSComponent = do_GetService(kNSSComponentCID);
@ -212,7 +214,7 @@ nsCertTree::getCacheEntry(void *cache, void *aCert)
CompareCacheHashEntryPtr *entryPtr =
static_cast<CompareCacheHashEntryPtr*>
(PL_DHashTableOperate(&aCompareCache, aCert, PL_DHASH_ADD));
return entryPtr ? entryPtr->entry : NULL;
return entryPtr ? entryPtr->entry : nullptr;
}
void nsCertTree::RemoveCacheEntry(void *key)
@ -239,7 +241,7 @@ nsCertTree::CountOrganizations()
int32_t orgCount = 1;
for (i=1; i<certCount; i++) {
nextCert = nullptr;
addonInfo = mDispInfo.SafeElementAt(i, NULL)->mAddonInfo;
addonInfo = mDispInfo.SafeElementAt(i, nullptr)->mAddonInfo;
if (addonInfo) {
nextCert = addonInfo->mCert;
}
@ -280,8 +282,8 @@ nsCertTree::GetThreadDescAtIndex(int32_t index)
already_AddRefed<nsIX509Cert>
nsCertTree::GetCertAtIndex(int32_t index, int32_t *outAbsoluteCertOffset)
{
nsRefPtr<nsCertTreeDispInfo> certdi =
GetDispInfoAtIndex(index, outAbsoluteCertOffset);
RefPtr<nsCertTreeDispInfo> certdi(
GetDispInfoAtIndex(index, outAbsoluteCertOffset));
if (!certdi)
return nullptr;
@ -296,7 +298,7 @@ nsCertTree::GetCertAtIndex(int32_t index, int32_t *outAbsoluteCertOffset)
}
// If the row at index is a cert, return that cert. Otherwise, return null.
already_AddRefed<nsCertTreeDispInfo>
TemporaryRef<nsCertTreeDispInfo>
nsCertTree::GetDispInfoAtIndex(int32_t index,
int32_t *outAbsoluteCertOffset)
{
@ -311,7 +313,8 @@ nsCertTree::GetDispInfoAtIndex(int32_t index,
int32_t certIndex = cIndex + index - idx;
if (outAbsoluteCertOffset)
*outAbsoluteCertOffset = certIndex;
nsRefPtr<nsCertTreeDispInfo> certdi = mDispInfo.SafeElementAt(certIndex, NULL);
RefPtr<nsCertTreeDispInfo> certdi(mDispInfo.SafeElementAt(certIndex,
nullptr));
if (certdi) {
nsCertTreeDispInfo *raw = certdi.get();
NS_IF_ADDREF(raw);
@ -346,8 +349,8 @@ nsCertTree::GetCompareFuncFromCertType(uint32_t aType)
struct nsCertAndArrayAndPositionAndCounterAndTracker
{
nsRefPtr<nsCertAddonInfo> certai;
nsTArray< nsRefPtr<nsCertTreeDispInfo> > *array;
RefPtr<nsCertAddonInfo> certai;
nsTArray< RefPtr<nsCertTreeDispInfo> > *array;
int position;
int counter;
nsTHashtable<nsCStringHashKey> *tracker;
@ -410,7 +413,7 @@ CollectAllHostPortOverridesCallback(const nsCertOverride &aSettings,
struct nsArrayAndPositionAndCounterAndTracker
{
nsTArray< nsRefPtr<nsCertTreeDispInfo> > *array;
nsTArray< RefPtr<nsCertTreeDispInfo> > *array;
int position;
int counter;
nsTHashtable<nsCStringHashKey> *tracker;
@ -576,10 +579,7 @@ nsCertTree::GetCertsByTypeFromCertList(CERTCertList *aCertList,
}
}
nsRefPtr<nsCertAddonInfo> certai = new nsCertAddonInfo;
if (!certai)
return NS_ERROR_OUT_OF_MEMORY;
RefPtr<nsCertAddonInfo> certai(new nsCertAddonInfo);
certai->mCert = pipCert;
certai->mUsageCount = 0;
@ -587,7 +587,8 @@ nsCertTree::GetCertsByTypeFromCertList(CERTCertList *aCertList,
int InsertPosition = 0;
for (; InsertPosition < count; ++InsertPosition) {
nsCOMPtr<nsIX509Cert> cert = nullptr;
nsRefPtr<nsCertTreeDispInfo> elem = mDispInfo.SafeElementAt(InsertPosition, NULL);
RefPtr<nsCertTreeDispInfo> elem(
mDispInfo.SafeElementAt(InsertPosition, nullptr));
if (elem && elem->mAddonInfo) {
cert = elem->mAddonInfo->mCert;
}
@ -597,9 +598,6 @@ nsCertTree::GetCertsByTypeFromCertList(CERTCertList *aCertList,
}
if (wantThisCert) {
nsCertTreeDispInfo *certdi = new nsCertTreeDispInfo;
if (!certdi)
return NS_ERROR_OUT_OF_MEMORY;
certdi->mAddonInfo = certai;
certai->mUsageCount++;
certdi->mTypeOfEntry = nsCertTreeDispInfo::direct_db;
@ -644,7 +642,7 @@ nsCertTree::GetCertsByType(uint32_t aType,
void *aCertCmpFnArg)
{
nsNSSShutDownPreventionLock locker;
CERTCertList *certList = NULL;
CERTCertList *certList = nullptr;
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
certList = PK11_ListCerts(PK11CertListUnique, cxt);
nsresult rv = GetCertsByTypeFromCertList(certList, aType, aCertCmpFn, aCertCmpFnArg);
@ -712,8 +710,6 @@ nsCertTree::UpdateUIContents()
uint32_t count = mDispInfo.Length();
mNumOrgs = CountOrganizations();
mTreeArray = new treeArrayEl[mNumOrgs];
if (!mTreeArray)
return NS_ERROR_OUT_OF_MEMORY;
mCellText = do_CreateInstance(NS_ARRAY_CONTRACTID);
@ -739,7 +735,7 @@ if (count) {
mTreeArray[i].numChildren = 1;
if (++j >= count) break;
nsCOMPtr<nsIX509Cert> nextCert = nullptr;
nsCertAddonInfo *addonInfo = mDispInfo.SafeElementAt(j, NULL)->mAddonInfo;
nsCertAddonInfo *addonInfo = mDispInfo.SafeElementAt(j, nullptr)->mAddonInfo;
if (addonInfo) {
nextCert = addonInfo->mCert;
}
@ -747,7 +743,7 @@ if (count) {
mTreeArray[i].numChildren++;
if (++j >= count) break;
nextCert = nullptr;
addonInfo = mDispInfo.SafeElementAt(j, NULL)->mAddonInfo;
addonInfo = mDispInfo.SafeElementAt(j, nullptr)->mAddonInfo;
if (addonInfo) {
nextCert = addonInfo->mCert;
}
@ -790,7 +786,8 @@ nsCertTree::DeleteEntryObject(uint32_t index)
int32_t certIndex = cIndex + index - idx;
bool canRemoveEntry = false;
nsRefPtr<nsCertTreeDispInfo> certdi = mDispInfo.SafeElementAt(certIndex, NULL);
RefPtr<nsCertTreeDispInfo> certdi(mDispInfo.SafeElementAt(certIndex,
nullptr));
// We will remove the element from the visual tree.
// Only if we have a certdi, then we can check for additional actions.
@ -883,8 +880,7 @@ nsCertTree::GetTreeItem(uint32_t aIndex, nsICertTreeItem **_treeitem)
{
NS_ENSURE_ARG(_treeitem);
nsRefPtr<nsCertTreeDispInfo> certdi =
GetDispInfoAtIndex(aIndex);
RefPtr<nsCertTreeDispInfo> certdi(GetDispInfoAtIndex(aIndex));
if (!certdi)
return NS_ERROR_FAILURE;
@ -898,8 +894,7 @@ nsCertTree::IsHostPortOverride(uint32_t aIndex, bool *_retval)
{
NS_ENSURE_ARG(_retval);
nsRefPtr<nsCertTreeDispInfo> certdi =
GetDispInfoAtIndex(aIndex);
RefPtr<nsCertTreeDispInfo> certdi(GetDispInfoAtIndex(aIndex));
if (!certdi)
return NS_ERROR_FAILURE;
@ -1110,7 +1105,7 @@ nsCertTree::GetCellText(int32_t row, nsITreeColumn* col,
col->GetIdConst(&colID);
treeArrayEl *el = GetThreadDescAtIndex(row);
if (el != nullptr) {
if (el) {
if (NS_LITERAL_STRING("certcol").Equals(colID))
_retval.Assign(el->orgName);
else
@ -1119,8 +1114,7 @@ nsCertTree::GetCellText(int32_t row, nsITreeColumn* col,
}
int32_t absoluteCertOffset;
nsRefPtr<nsCertTreeDispInfo> certdi =
GetDispInfoAtIndex(row, &absoluteCertOffset);
RefPtr<nsCertTreeDispInfo> certdi(GetDispInfoAtIndex(row, &absoluteCertOffset));
if (!certdi)
return NS_ERROR_FAILURE;
@ -1407,12 +1401,12 @@ nsCertTree::dumpMap()
}
for (int i=0; i<mNumRows; i++) {
treeArrayEl *el = GetThreadDescAtIndex(i);
if (el != nullptr) {
if (el) {
nsAutoString td(el->orgName);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("thread desc[%d]: %s", i, NS_LossyConvertUTF16toASCII(td).get()));
}
nsCOMPtr<nsIX509Cert> ct = GetCertAtIndex(i);
if (ct != nullptr) {
if (ct) {
PRUnichar *goo;
ct->GetCommonName(&goo);
nsAutoString doo(goo);
@ -1461,7 +1455,7 @@ void
nsCertTree::CmpInitCriterion(nsIX509Cert *cert, CompareCacheHashEntry *entry,
sortCriterion crit, int32_t level)
{
NS_ENSURE_TRUE( (cert!=0 && entry!=0), RETURN_NOTHING );
NS_ENSURE_TRUE(cert && entry, RETURN_NOTHING);
entry->mCritInit[level] = true;
nsXPIDLString &str = entry->mCrit[level];
@ -1516,7 +1510,7 @@ nsCertTree::CmpByCrit(nsIX509Cert *a, CompareCacheHashEntry *ace,
nsIX509Cert *b, CompareCacheHashEntry *bce,
sortCriterion crit, int32_t level)
{
NS_ENSURE_TRUE( (a!=0 && ace!=0 && b!=0 && bce!=0), 0 );
NS_ENSURE_TRUE(a && ace && b && bce, 0);
if (!ace->mCritInit[level]) {
CmpInitCriterion(a, ace, crit, level);
@ -1561,7 +1555,7 @@ nsCertTree::CmpBy(void *cache, nsIX509Cert *a, nsIX509Cert *b,
if (!b)
return 1;
NS_ENSURE_TRUE( (cache!=0 && a!=0 && b!=0), 0 );
NS_ENSURE_TRUE(cache && a && b, 0);
CompareCacheHashEntry *ace = getCacheEntry(cache, a);
CompareCacheHashEntry *bce = getCacheEntry(cache, b);

11
security/manager/ssl/src/nsCertTree.h
View File

@ -6,7 +6,6 @@
#define _NS_CERTTREE_H_
#include "nsCOMPtr.h"
#include "nsAutoPtr.h"
#include "nsIServiceManager.h"
#include "nsICertTree.h"
#include "nsITreeView.h"
@ -45,7 +44,7 @@ public:
nsCertAddonInfo() : mUsageCount(0) {}
nsRefPtr<nsIX509Cert> mCert;
mozilla::RefPtr<nsIX509Cert> mCert;
// how many display entries reference this?
// (and therefore depend on the underlying cert)
int32_t mUsageCount;
@ -61,7 +60,7 @@ public:
nsCertTreeDispInfo(nsCertTreeDispInfo &other);
virtual ~nsCertTreeDispInfo();
nsRefPtr<nsCertAddonInfo> mAddonInfo;
mozilla::RefPtr<nsCertAddonInfo> mAddonInfo;
enum {
direct_db, host_port_override
} mTypeOfEntry;
@ -113,7 +112,7 @@ protected:
nsresult GetCertsByTypeFromCache(nsINSSCertCache *aCache, uint32_t aType,
nsCertCompareFunc aCertCmpFn, void *aCertCmpFnArg);
private:
nsTArray< nsRefPtr<nsCertTreeDispInfo> > mDispInfo;
nsTArray< mozilla::RefPtr<nsCertTreeDispInfo> > mDispInfo;
nsCOMPtr<nsITreeBoxObject> mTree;
nsCOMPtr<nsITreeSelection> mSelection;
treeArrayEl *mTreeArray;
@ -122,12 +121,12 @@ private:
PLDHashTable mCompareCache;
nsCOMPtr<nsINSSComponent> mNSSComponent;
nsCOMPtr<nsICertOverrideService> mOverrideService;
nsRefPtr<nsCertOverrideService> mOriginalOverrideService;
mozilla::RefPtr<nsCertOverrideService> mOriginalOverrideService;
treeArrayEl *GetThreadDescAtIndex(int32_t _index);
already_AddRefed<nsIX509Cert>
GetCertAtIndex(int32_t _index, int32_t *outAbsoluteCertOffset = nullptr);
already_AddRefed<nsCertTreeDispInfo>
mozilla::TemporaryRef<nsCertTreeDispInfo>
GetDispInfoAtIndex(int32_t index, int32_t *outAbsoluteCertOffset = nullptr);
void FreeCertArray();
nsresult UpdateUIContents();

4
security/manager/ssl/src/nsCertVerificationThread.cpp
View File

@ -2,8 +2,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsMemory.h"
#include "nsAutoPtr.h"
#include "nsCertVerificationThread.h"
#include "nsThreadUtils.h"
@ -47,7 +45,7 @@ void nsCertVerificationJob::Run()
PRUnichar **usages;
nsCOMPtr<nsICertVerificationResult> ires;
nsRefPtr<nsCertVerificationResult> vres = new nsCertVerificationResult;
RefPtr<nsCertVerificationResult> vres(new nsCertVerificationResult);
if (vres)
{
nsresult rv = mCert->GetUsagesArray(false, // do not ignore OCSP

7
security/manager/ssl/src/nsClientAuthRemember.cpp
View File

@ -7,6 +7,7 @@
#include "nsClientAuthRemember.h"
#include "nsIX509Cert.h"
#include "mozilla/RefPtr.h"
#include "nsCRT.h"
#include "nsNetUtil.h"
#include "nsIObserverService.h"
@ -94,7 +95,7 @@ GetCertFingerprintByOidTag(CERTCertificate* nsscert,
nsCString &fp)
{
unsigned int hash_len = HASH_ResultLenByOidTag(aOidTag);
nsRefPtr<nsStringBuffer> fingerprint = nsStringBuffer::Alloc(hash_len);
RefPtr<nsStringBuffer> fingerprint(nsStringBuffer::Alloc(hash_len));
if (!fingerprint)
return NS_ERROR_OUT_OF_MEMORY;
@ -113,7 +114,7 @@ nsresult
nsClientAuthRememberService::RememberDecision(const nsACString & aHostName,
CERTCertificate *aServerCert, CERTCertificate *aClientCert)
{
// aClientCert == NULL means: remember that user does not want to use a cert
// aClientCert == nullptr means: remember that user does not want to use a cert
NS_ENSURE_ARG_POINTER(aServerCert);
if (aHostName.IsEmpty())
return NS_ERROR_INVALID_ARG;
@ -127,7 +128,7 @@ nsClientAuthRememberService::RememberDecision(const nsACString & aHostName,
ReentrantMonitorAutoEnter lock(monitor);
if (aClientCert) {
nsNSSCertificate pipCert(aClientCert);
char *dbkey = NULL;
char *dbkey = nullptr;
rv = pipCert.GetDbKey(&dbkey);
if (NS_SUCCEEDED(rv) && dbkey) {
AddEntryToList(aHostName, fpStr,

1
security/manager/ssl/src/nsClientAuthRemember.h
View File

@ -11,7 +11,6 @@
#include "nsTHashtable.h"
#include "nsIObserver.h"
#include "nsIX509Cert.h"
#include "nsAutoPtr.h"
#include "nsNSSCertificate.h"
#include "nsString.h"
#include "nsWeakReference.h"

88
security/manager/ssl/src/nsCrypto.cpp
View File

@ -14,7 +14,6 @@
#include "nsThreadUtils.h"
#include "nsIServiceManager.h"
#include "nsIMemory.h"
#include "nsAutoPtr.h"
#include "nsAlgorithm.h"
#include "nsCRT.h"
#include "prprf.h"
@ -50,10 +49,8 @@
#include "seccomon.h"
#include "secerr.h"
#include "sechash.h"
extern "C" {
#include "crmf.h"
#include "pk11pqg.h"
}
#include "cmmf.h"
#include "nssb64.h"
#include "base64.h"
@ -66,6 +63,12 @@ extern "C" {
#include "ssl.h" // For SSL_ClearSessionCache
#include "nsNSSCleaner.h"
#include "nsNSSShutDown.h"
#include "nsNSSCertHelper.h"
using namespace mozilla;
NSSCleanupAutoPtrClass(SECKEYPrivateKey, SECKEY_DestroyPrivateKey)
NSSCleanupAutoPtrClass(PK11SlotInfo, PK11_FreeSlot)
NSSCleanupAutoPtrClass(CERTCertNicknames, CERT_FreeNicknames)
@ -73,9 +76,6 @@ NSSCleanupAutoPtrClass(PK11SymKey, PK11_FreeSymKey)
NSSCleanupAutoPtrClass_WithParam(PK11Context, PK11_DestroyContext, TrueParam, true)
NSSCleanupAutoPtrClass_WithParam(SECItem, SECITEM_FreeItem, TrueParam, true)
#include "nsNSSShutDown.h"
#include "nsNSSCertHelper.h"
/*
* These are the most common error strings that are returned
* by the JavaScript methods in case of error.
@ -336,13 +336,13 @@ static nsKeyGenType
cryptojs_interpret_key_gen_type(char *keyAlg)
{
char *end;
if (keyAlg == nullptr) {
if (!keyAlg) {
return invalidKeyGen;
}
/* First let's remove all leading and trailing white space */
while (isspace(keyAlg[0])) keyAlg++;
end = strchr(keyAlg, '\0');
if (end == nullptr) {
if (!end) {
return invalidKeyGen;
}
end--;
@ -457,7 +457,7 @@ nsConvertToActualKeyGenParams(uint32_t keyGenMech, char *params,
rsaParams = static_cast<PK11RSAGenParams*>
(nsMemory::Alloc(sizeof(PK11RSAGenParams)));
if (rsaParams == nullptr) {
if (!rsaParams) {
return nullptr;
}
/* I'm just taking the same parameters used in
@ -726,7 +726,7 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
// "firstAttemptSlot" and "secondAttemptSlot" are alternative names
// for better code readability, we don't increase the reference counts.
PK11SlotInfo *firstAttemptSlot = NULL;
PK11SlotInfo *firstAttemptSlot = nullptr;
PK11AttrFlags firstAttemptFlags = 0;
PK11SlotInfo *secondAttemptSlot = slot;
@ -741,7 +741,7 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
// if the destination slot is the internal slot, then there is only one attempt
firstAttemptSlot = secondAttemptSlot;
firstAttemptFlags = secondAttemptFlags;
secondAttemptSlot = NULL;
secondAttemptSlot = nullptr;
secondAttemptFlags = 0;
}
else {
@ -801,12 +801,12 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
NS_RELEASE(dialogs);
if (NS_SUCCEEDED(rv)) {
PK11SlotInfo *used_slot = NULL;
PK11SlotInfo *used_slot = nullptr;
rv = KeygenRunnable->ConsumeResult(&used_slot,
&keyPairInfo->privKey, &keyPairInfo->pubKey);
if (NS_SUCCEEDED(rv)) {
if ((used_slot == firstAttemptSlot) && (secondAttemptSlot != NULL)) {
if ((used_slot == firstAttemptSlot) && secondAttemptSlot) {
mustMoveKey = true;
}
@ -816,8 +816,8 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
}
}
firstAttemptSlot = NULL;
secondAttemptSlot = NULL;
firstAttemptSlot = nullptr;
secondAttemptSlot = nullptr;
nsFreeKeyGenParams(mechanism, keyGenParams);
@ -948,9 +948,9 @@ cryptojs_ReadArgsAndGenerateKey(JSContext *cx,
keyGenAlg.ptr());
goto loser;
}
if (*slot == nullptr) {
if (!*slot) {
*slot = nsGetSlotForKeyGen(keyGenType->keyGenType, uiCxt);
if (*slot == nullptr)
if (!*slot)
goto loser;
}
@ -1164,11 +1164,11 @@ nsSetKeyUsageExtension(CRMFCertRequest *crmfReq,
nsPrepareBitStringForEncoding(&bitsmap, &keyUsageValue);
encodedExt = SEC_ASN1EncodeItem(nullptr, nullptr, &bitsmap,&bitStrTemplate);
if (encodedExt == nullptr) {
if (!encodedExt) {
goto loser;
}
ext = CRMF_CreateCertExtension(SEC_OID_X509_KEY_USAGE, true, encodedExt);
if (ext == nullptr) {
if (!ext) {
goto loser;
}
extAddParams.numExtensions = 1;
@ -1488,7 +1488,7 @@ nsSet_EC_DHMAC_ProofOfPossession(CRMFCertReqMsg *certReqMsg,
// allows multiple requests to be sent in one step.
unsigned long der_request_len = 0;
SECItem *der_request = NULL;
SECItem *der_request = nullptr;
SECItemCleanerTrueParam der_request_cleaner(der_request);
if (SECSuccess != CRMF_EncodeCertRequest(certReq,
@ -1516,31 +1516,31 @@ nsSet_EC_DHMAC_ProofOfPossession(CRMFCertReqMsg *certReqMsg,
// issuer names in the CA's certificate as follows:
// K = SHA1(DER-encoded-subjectName | Kec | DER-encoded-issuerName)"
PK11SymKey *shared_secret = NULL;
PK11SymKey *shared_secret = nullptr;
PK11SymKeyCleaner shared_secret_cleaner(shared_secret);
PK11SymKey *subject_and_secret = NULL;
PK11SymKey *subject_and_secret = nullptr;
PK11SymKeyCleaner subject_and_secret_cleaner(subject_and_secret);
PK11SymKey *subject_and_secret_and_issuer = NULL;
PK11SymKey *subject_and_secret_and_issuer = nullptr;
PK11SymKeyCleaner subject_and_secret_and_issuer_cleaner(subject_and_secret_and_issuer);
PK11SymKey *sha1_of_subject_and_secret_and_issuer = NULL;
PK11SymKey *sha1_of_subject_and_secret_and_issuer = nullptr;
PK11SymKeyCleaner sha1_of_subject_and_secret_and_issuer_cleaner(sha1_of_subject_and_secret_and_issuer);
shared_secret =
PK11_PubDeriveWithKDF(keyInfo->privKey, // SECKEYPrivateKey *privKey
keyInfo->ecPopPubKey, // SECKEYPublicKey *pubKey
false, // bool isSender
NULL, // SECItem *randomA
NULL, // SECItem *randomB
nullptr, // SECItem *randomA
nullptr, // SECItem *randomB
CKM_ECDH1_DERIVE, // CK_MECHANISM_TYPE derive
CKM_CONCATENATE_DATA_AND_BASE, // CK_MECHANISM_TYPE target
CKA_DERIVE, // CK_ATTRIBUTE_TYPE operation
0, // int keySize
CKD_NULL, // CK_ULONG kdf
NULL, // SECItem *sharedData
NULL); // void *wincx
nullptr, // SECItem *sharedData
nullptr); // void *wincx
if (!shared_secret)
return NS_ERROR_FAILURE;
@ -1584,7 +1584,7 @@ nsSet_EC_DHMAC_ProofOfPossession(CRMFCertReqMsg *certReqMsg,
sha1_of_subject_and_secret_and_issuer =
PK11_Derive(subject_and_secret_and_issuer, // PK11SymKey *baseKey
CKM_SHA1_KEY_DERIVATION, // CK_MECHANISM_TYPE mechanism
NULL, // SECItem *param
nullptr, // SECItem *param
CKM_SHA_1_HMAC, // CK_MECHANISM_TYPE target
CKA_SIGN, // CK_ATTRIBUTE_TYPE operation
0); // int keySize
@ -1592,7 +1592,7 @@ nsSet_EC_DHMAC_ProofOfPossession(CRMFCertReqMsg *certReqMsg,
if (!sha1_of_subject_and_secret_and_issuer)
return NS_ERROR_FAILURE;
PK11Context *context = NULL;
PK11Context *context = nullptr;
PK11ContextCleanerTrueParam context_cleaner(context);
SECItem ignore;
@ -1615,7 +1615,7 @@ nsSet_EC_DHMAC_ProofOfPossession(CRMFCertReqMsg *certReqMsg,
PK11_DigestOp(context, der_request->data, der_request->len))
return NS_ERROR_FAILURE;
SECItem *result_hmac_sha1_item = NULL;
SECItem *result_hmac_sha1_item = nullptr;
SECItemCleanerTrueParam result_hmac_sha1_item_cleaner(result_hmac_sha1_item);
result_hmac_sha1_item = SECITEM_AllocItem(nullptr, nullptr, SHA1_LENGTH);
@ -1756,12 +1756,12 @@ nsEncodeCertReqMessages(CRMFCertReqMsg **certReqMsgs)
return nullptr;
}
SECItem *dest = (SECItem *)PORT_Alloc(sizeof(SECItem));
if (dest == nullptr) {
if (!dest) {
return nullptr;
}
dest->type = siBuffer;
dest->data = (unsigned char *)PORT_Alloc(len);
if (dest->data == nullptr) {
if (!dest->data) {
PORT_Free(dest);
return nullptr;
}
@ -1788,7 +1788,7 @@ nsCreateReqFromKeyPairs(nsKeyPairInfo *keyids, int32_t numRequests,
// that calls the C API of NSS.
int32_t i;
// The ASN1 encoder in NSS wants the last entry in the array to be
// NULL so that it knows when the last element is.
// nullptr so that it knows when the last element is.
CRMFCertReqMsg **certReqMsgs = new CRMFCertReqMsg*[numRequests+1];
CRMFCertRequest *certReq;
if (!certReqMsgs)
@ -1986,10 +1986,6 @@ nsCrypto::GenerateCRMFRequest(nsIDOMCRMFObject** aReturn)
nsCOMPtr<nsIInterfaceRequestor> uiCxt = new PipUIContext;
int32_t numRequests = (argc - 5)/3;
nsKeyPairInfo *keyids = new nsKeyPairInfo[numRequests];
if (keyids == nullptr) {
JS_ReportError(cx, "%s\n", JS_ERROR_INTERNAL);
return NS_ERROR_OUT_OF_MEMORY;
}
memset(keyids, 0, sizeof(nsKeyPairInfo)*numRequests);
int keyInfoIndex;
uint32_t i;
@ -2023,12 +2019,6 @@ nsCrypto::GenerateCRMFRequest(nsIDOMCRMFObject** aReturn)
return NS_ERROR_FAILURE;
}
nsCRMFObject *newObject = new nsCRMFObject();
if (newObject == nullptr) {
JS_ReportError(cx, "%s%s\n", JS_ERROR, "could not create crmf JS object");
nsFreeKeyPairInfo(keyids,numRequests);
return NS_ERROR_OUT_OF_MEMORY;
}
newObject->SetCRMFRequest(encodedRequest);
*aReturn = newObject;
//Give a reference to the returnee.
@ -2057,8 +2047,6 @@ nsCrypto::GenerateCRMFRequest(nsIDOMCRMFObject** aReturn)
NS_ENSURE_TRUE(principals, NS_ERROR_UNEXPECTED);
nsCryptoRunArgs *args = new nsCryptoRunArgs();
if (!args)
return NS_ERROR_OUT_OF_MEMORY;
args->m_cx = cx;
args->m_kungFuDeathGrip = GetISupportsFromContext(cx);
@ -2068,8 +2056,6 @@ nsCrypto::GenerateCRMFRequest(nsIDOMCRMFObject** aReturn)
args->m_principals = principals;
nsCryptoRunnable *cryptoRunnable = new nsCryptoRunnable(args);
if (!cryptoRunnable)
return NS_ERROR_OUT_OF_MEMORY;
rv = NS_DispatchToMainThread(cryptoRunnable);
if (NS_FAILED(rv))
@ -2360,7 +2346,7 @@ nsCrypto::ImportUserCertificates(const nsAString& aNickname,
if (currCert->nickname) {
localNick = currCert->nickname;
}
else if (nickname == nullptr || nickname[0] == '\0') {
else if (!nickname || nickname[0] == '\0') {
nsNSSCertificateDB::get_default_nickname(currCert, ctx, localNick);
} else {
//This is the case where we're getting a brand new
@ -2373,7 +2359,7 @@ nsCrypto::ImportUserCertificates(const nsAString& aNickname,
char *cast_const_away = const_cast<char*>(localNick.get());
slot = PK11_ImportCertForKey(currCert, cast_const_away, ctx);
}
if (slot == nullptr) {
if (!slot) {
rv = NS_ERROR_FAILURE;
goto loser;
}
@ -2679,7 +2665,7 @@ nsCrypto::SignText(const nsAString& aStringToSign, const nsAString& aCaOption,
for (node = CERT_LIST_HEAD(certList), certsToUse = 0;
!CERT_LIST_END(node, certList) && certsToUse < nicknames->numnicknames;
node = CERT_LIST_NEXT(node)) {
nsRefPtr<nsNSSCertificate> tempCert = nsNSSCertificate::Create(node->cert);
RefPtr<nsNSSCertificate> tempCert(nsNSSCertificate::Create(node->cert));
if (tempCert) {
nsAutoString nickWithSerial, details;
rv = tempCert->FormatUIStrings(NS_ConvertUTF8toUTF16(nicknames->nicknames[certsToUse]),

4
security/manager/ssl/src/nsDataSignatureVerifier.cpp
View File

@ -19,7 +19,7 @@ NS_IMPL_ISUPPORTS1(nsDataSignatureVerifier, nsIDataSignatureVerifier)
const SEC_ASN1Template CERT_SignatureDataTemplate[] =
{
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTSignedData) },
0, nullptr, sizeof(CERTSignedData) },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
offsetof(CERTSignedData,signatureAlgorithm),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), },
@ -94,7 +94,7 @@ nsDataSignatureVerifier::VerifyData(const nsACString & aData,
aData.Length(), publicKey,
&(sigData.signature),
&(sigData.signatureAlgorithm),
NULL, NULL);
nullptr, nullptr);
// Clean up remaining objects
SECKEY_DestroyPublicKey(publicKey);

4
security/manager/ssl/src/nsIdentityChecking.cpp
View File

@ -1026,7 +1026,7 @@ static SECStatus getFirstEVPolicy(CERTCertificate *cert, SECOidTag &outOidTag)
return SECFailure;
if (cert->extensions) {
for (int i=0; cert->extensions[i] != nullptr; i++) {
for (int i=0; cert->extensions[i]; i++) {
const SECItem *oid = &cert->extensions[i]->id;
SECOidTag oidTag = SECOID_FindOIDTag(oid);
@ -1045,7 +1045,7 @@ static SECStatus getFirstEVPolicy(CERTCertificate *cert, SECOidTag &outOidTag)
policyInfos = policies->policyInfos;
bool found = false;
while (*policyInfos != NULL) {
while (*policyInfos) {
policyInfo = *policyInfos++;
SECOidTag oid_tag = policyInfo->oid;

24
security/manager/ssl/src/nsKeygenHandler.cpp
View File

@ -4,9 +4,7 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
extern "C" {
#include "secdert.h"
}
#include "nspr.h"
#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
#include "keyhi.h"
@ -14,9 +12,7 @@ extern "C" {
#include "cryptohi.h"
#include "base64.h"
#include "secasn1.h"
extern "C" {
#include "pk11pqg.h"
}
#include "nsKeygenHandler.h"
#include "nsVoidArray.h"
#include "nsIServiceManager.h"
@ -37,7 +33,7 @@ extern "C" {
DERTemplate SECAlgorithmIDTemplate[] = {
{ DER_SEQUENCE,
0, NULL, sizeof(SECAlgorithmID) },
0, nullptr, sizeof(SECAlgorithmID) },
{ DER_OBJECT_ID,
offsetof(SECAlgorithmID,algorithm), },
{ DER_OPTIONAL | DER_ANY,
@ -65,7 +61,7 @@ DERTemplate CERTPublicKeyAndChallengeTemplate[] =
};
const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
{ SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(PQGParams) },
{ SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
{ SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
{ SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
@ -226,7 +222,7 @@ SECKEYECParams *
decode_ec_params(const char *curve)
{
SECKEYECParams *ecparams;
SECOidData *oidData = NULL;
SECOidData *oidData = nullptr;
SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
int i, numCurves;
@ -239,13 +235,13 @@ decode_ec_params(const char *curve)
}
}
/* Return NULL if curve name is not recognized */
/* Return nullptr if curve name is not recognized */
if ((curveOidTag == SEC_OID_UNKNOWN) ||
(oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
(oidData = SECOID_FindOIDByTag(curveOidTag)) == nullptr) {
return nullptr;
}
ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
ecparams = SECITEM_AllocItem(nullptr, nullptr, (2 + oidData->oid.len));
if (!ecparams)
return nullptr;
@ -280,8 +276,6 @@ nsKeygenFormProcessor::Create(nsISupports* aOuter, const nsIID& aIID, void* *aRe
nsresult rv;
NS_ENSURE_NO_AGGREGATION(aOuter);
nsKeygenFormProcessor* formProc = new nsKeygenFormProcessor();
if (!formProc)
return NS_ERROR_OUT_OF_MEMORY;
nsCOMPtr<nsISupports> stabilize = formProc;
rv = formProc->Init();
@ -533,7 +527,7 @@ nsKeygenFormProcessor::GetPublicKey(nsAString& aValue, nsAString& aChallenge,
bool found_match = false;
do {
end = strchr(str, ',');
if (end != nullptr)
if (end)
*end = '\0';
primeBits = pqg_prime_bits(str);
if (keysize == primeBits) {
@ -541,7 +535,7 @@ nsKeygenFormProcessor::GetPublicKey(nsAString& aValue, nsAString& aChallenge,
break;
}
str = end + 1;
} while (end != nullptr);
} while (end);
if (!found_match) {
goto loser;
}
@ -754,7 +748,7 @@ loser:
if ( arena ) {
PORT_FreeArena(arena, true);
}
if (slot != nullptr) {
if (slot) {
PK11_FreeSlot(slot);
}
if (KeygenRunnable) {

6
security/manager/ssl/src/nsNSSASN1Object.cpp
View File

@ -116,7 +116,7 @@ buildASN1ObjectFromDER(unsigned char *data,
uint32_t type;
rv = parent->GetASN1Objects(getter_AddRefs(parentObjects));
if (NS_FAILED(rv) || parentObjects == nullptr)
if (NS_FAILED(rv) || !parentObjects)
return NS_ERROR_FAILURE;
while (data < end) {
code = *data;
@ -193,7 +193,7 @@ CreateFromDER(unsigned char *data,
sequence->GetASN1Objects(getter_AddRefs(elements));
nsCOMPtr<nsIASN1Object> asn1Obj = do_QueryElementAt(elements, 0);
*retval = asn1Obj;
if (*retval == nullptr)
if (!*retval)
return NS_ERROR_FAILURE;
NS_ADDREF(*retval);
@ -218,7 +218,7 @@ nsNSSASN1Sequence::~nsNSSASN1Sequence()
NS_IMETHODIMP
nsNSSASN1Sequence::GetASN1Objects(nsIMutableArray * *aASN1Objects)
{
if (mASN1Objects == nullptr) {
if (!mASN1Objects) {
mASN1Objects = do_CreateInstance(NS_ARRAY_CONTRACTID);
}
*aASN1Objects = mASN1Objects;

15
security/manager/ssl/src/nsNSSCallbacks.cpp
View File

@ -337,7 +337,7 @@ nsNSSHttpRequestSession::internal_send_receive_attempt(bool &retryable_error,
volatile bool &waitFlag = mListener->mWaitFlag;
waitFlag = true;
nsRefPtr<nsHTTPDownloadEvent> event = new nsHTTPDownloadEvent;
RefPtr<nsHTTPDownloadEvent> event(new nsHTTPDownloadEvent);
if (!event)
return SECFailure;
@ -401,7 +401,8 @@ nsNSSHttpRequestSession::internal_send_receive_attempt(bool &retryable_error,
{
request_canceled = true;
nsRefPtr<nsCancelHTTPDownloadEvent> cancelevent = new nsCancelHTTPDownloadEvent;
RefPtr<nsCancelHTTPDownloadEvent> cancelevent(
new nsCancelHTTPDownloadEvent);
cancelevent->mListener = mListener;
rv = NS_DispatchToMainThread(cancelevent);
if (NS_FAILED(rv)) {
@ -723,7 +724,7 @@ void PK11PasswordPromptRunnable::RunOnTargetThread()
else
{
prompt = do_GetInterface(mIR);
NS_ASSERTION(prompt != nullptr, "callbacks does not implement nsIPrompt");
NS_ASSERTION(prompt, "callbacks does not implement nsIPrompt");
}
if (!prompt)
@ -774,9 +775,9 @@ void PK11PasswordPromptRunnable::RunOnTargetThread()
char*
PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg)
{
nsRefPtr<PK11PasswordPromptRunnable> runnable =
RefPtr<PK11PasswordPromptRunnable> runnable(
new PK11PasswordPromptRunnable(slot,
static_cast<nsIInterfaceRequestor*>(arg));
static_cast<nsIInterfaceRequestor*>(arg)));
runnable->DispatchToMainThreadAndWait();
return runnable->mResult;
}
@ -870,7 +871,7 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
infoObject->SetShortSecurityDescription(shortDesc.get());
/* Set the SSL Status information */
nsRefPtr<nsSSLStatus> status = infoObject->SSLStatus();
RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
if (!status) {
status = new nsSSLStatus();
infoObject->SetSSLStatus(status);
@ -881,7 +882,7 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
CERTCertificate *serverCert = SSL_PeerCertificate(fd);
if (serverCert) {
nsRefPtr<nsNSSCertificate> nssc = nsNSSCertificate::Create(serverCert);
RefPtr<nsNSSCertificate> nssc(nsNSSCertificate::Create(serverCert));
CERT_DestroyCertificate(serverCert);
serverCert = nullptr;

77
security/manager/ssl/src/nsNSSCertHelper.cpp
View File

@ -5,6 +5,7 @@
#include "prerror.h"
#include "prprf.h"
#include "mozilla/Scoped.h"
#include "nsNSSCertHelper.h"
#include "nsCOMPtr.h"
#include "nsNSSCertificate.h"
@ -17,6 +18,8 @@
#include "nsNSSCertTrust.h"
#include "nsIDateTimeFormat.h"
#include "nsDateTimeFormatCID.h"
using namespace mozilla;
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
@ -86,8 +89,6 @@ ProcessVersion(SECItem *versionItem,
nsresult rv;
nsAutoString text;
nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
nssComponent->GetPIPNSSBundleString("CertDumpVersion", text);
rv = printableItem->SetDisplayName(text);
@ -143,9 +144,6 @@ ProcessSerialNumberDER(SECItem *serialItem,
nsAutoString text;
nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
rv = nssComponent->GetPIPNSSBundleString("CertDumpSerialNo", text);
if (NS_FAILED(rv))
return rv;
@ -156,7 +154,7 @@ ProcessSerialNumberDER(SECItem *serialItem,
nsXPIDLCString serialNumber;
serialNumber.Adopt(CERT_Hexify(serialItem, 1));
if (serialNumber == nullptr)
if (!serialNumber)
return NS_ERROR_OUT_OF_MEMORY;
rv = printableItem->SetDisplayValue(NS_ConvertASCIItoUTF16(serialNumber));
@ -831,17 +829,17 @@ ProcessExtKeyUsage(SECItem *extData,
nsINSSComponent *nssComponent)
{
nsAutoString local;
CERTOidSequence *extKeyUsage = NULL;
CERTOidSequence *extKeyUsage = nullptr;
SECItem **oids;
SECItem *oid;
nsresult rv;
extKeyUsage = CERT_DecodeOidSequence(extData);
if (extKeyUsage == NULL)
if (!extKeyUsage)
return NS_ERROR_FAILURE;
oids = extKeyUsage->oids;
while (oids != NULL && *oids != NULL) {
while (oids && *oids) {
// For each OID, try to find a bundle string
// of the form CertDumpEKU_<underlined-OID>
nsAutoString oidname;
@ -901,12 +899,7 @@ ProcessRDN(CERTRDN* rdn, nsAString &finalString, nsINSSComponent *nssComponent)
// We know we can fit buffer of this length. CERT_RFC1485_EscapeAndQuote
// will fail if we provide smaller buffer then the result can fit to.
int escapedValueCapacity = decodeItem->len * 3 + 3;
nsAutoArrayPtr<char> escapedValue;
escapedValue = new char[escapedValueCapacity];
if (!escapedValue) {
SECITEM_FreeItem(decodeItem, true);
return NS_ERROR_OUT_OF_MEMORY;
}
ScopedDeleteArray<char> escapedValue(new char[escapedValueCapacity]);
SECStatus status = CERT_RFC1485_EscapeAndQuote(
escapedValue.get(),
@ -1282,7 +1275,7 @@ ProcessUserNotice(SECItem *der_notice,
nsAString &text,
nsINSSComponent *nssComponent)
{
CERTUserNotice *notice = NULL;
CERTUserNotice *notice = nullptr;
SECItem **itemList;
PLArenaPool *arena;
@ -1291,7 +1284,7 @@ ProcessUserNotice(SECItem *der_notice,
return NS_ERROR_FAILURE;
notice = CERT_DecodeUserNotice(der_notice);
if (notice == NULL) {
if (!notice) {
ProcessRawBytes(nssComponent, der_notice, text);
goto finish;
}
@ -1364,11 +1357,11 @@ ProcessCertificatePolicies(SECItem *extData,
nsresult rv = NS_OK;
policies = CERT_DecodeCertificatePoliciesExtension(extData);
if ( policies == NULL )
if (!policies)
return NS_ERROR_FAILURE;
policyInfos = policies->policyInfos;
while (*policyInfos != NULL ) {
while (*policyInfos) {
policyInfo = *policyInfos++;
switch (policyInfo->oid) {
case SEC_OID_VERISIGN_USER_NOTICES:
@ -1401,7 +1394,7 @@ ProcessCertificatePolicies(SECItem *extData,
if (needColon)
text.Append(NS_LITERAL_STRING(":"));
text.Append(NS_LITERAL_STRING(SEPARATOR));
while (*policyQualifiers != NULL) {
while (*policyQualifiers) {
text.Append(NS_LITERAL_STRING(" "));
policyQualifier = *policyQualifiers++;
switch(policyQualifier->oid) {
@ -1551,10 +1544,10 @@ ProcessAuthInfoAccess(SECItem *extData,
return NS_ERROR_FAILURE;
aia = CERT_DecodeAuthInfoAccessExtension(arena, extData);
if (aia == NULL)
if (!aia)
goto finish;
while (*aia != NULL) {
while (*aia) {
desc = *aia++;
switch (SECOID_FindOIDTag(&desc->method)) {
case SEC_OID_PKIX_OCSP:
@ -1685,13 +1678,11 @@ ProcessSingleExtension(CERTCertExtension *extension,
nsAutoString text, extvalue;
GetOIDText(&extension->id, nssComponent, text);
nsCOMPtr<nsIASN1PrintableItem>extensionItem = new nsNSSASN1PrintableItem();
if (extensionItem == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
extensionItem->SetDisplayName(text);
SECOidTag oidTag = SECOID_FindOIDTag(&extension->id);
text.Truncate();
if (extension->critical.data != nullptr) {
if (extension->critical.data) {
if (extension->critical.data[0]) {
nssComponent->GetPIPNSSBundleString("CertDumpCritical", text);
} else {
@ -1721,10 +1712,8 @@ ProcessSECAlgorithmID(SECAlgorithmID *algID,
nsIASN1Sequence **retSequence)
{
SECOidTag algOIDTag = SECOID_FindOIDTag(&algID->algorithm);
SECItem paramsOID = { siBuffer, NULL, 0 };
SECItem paramsOID = { siBuffer, nullptr, 0 };
nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
if (sequence == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
*retSequence = nullptr;
nsString text;
@ -1734,8 +1723,6 @@ ProcessSECAlgorithmID(SECAlgorithmID *algID,
sequence->SetIsValidContainer(false);
} else {
nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
printableItem->SetDisplayValue(text);
nsCOMPtr<nsIMutableArray> asn1Objects;
@ -1745,8 +1732,6 @@ ProcessSECAlgorithmID(SECAlgorithmID *algID,
printableItem->SetDisplayName(text);
printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
asn1Objects->AppendElement(printableItem, false);
nssComponent->GetPIPNSSBundleString("CertDumpParams", text);
@ -1799,8 +1784,6 @@ ProcessTime(PRTime dispTime, const PRUnichar *displayName,
text.Append(NS_LITERAL_STRING(" GMT)"));
nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
printableItem->SetDisplayValue(text);
printableItem->SetDisplayName(nsDependentString(displayName));
@ -1817,9 +1800,6 @@ ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki,
{
nsCOMPtr<nsIASN1Sequence> spkiSequence = new nsNSSASN1Sequence();
if (spkiSequence == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
nsString text;
nssComponent->GetPIPNSSBundleString("CertDumpSPKI", text);
spkiSequence->SetDisplayName(text);
@ -1836,14 +1816,12 @@ ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki,
asn1Objects->AppendElement(sequenceItem, false);
nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
text.Truncate();
SECKEYPublicKey *key = SECKEY_ExtractPublicKey(spki);
bool displayed = false;
if (key != NULL) {
if (key) {
switch (key->keyType) {
case rsaKey: {
displayed = true;
@ -1917,8 +1895,6 @@ ProcessExtensions(CERTCertExtension **extensions,
nsINSSComponent *nssComponent)
{
nsCOMPtr<nsIASN1Sequence> extensionSequence = new nsNSSASN1Sequence;
if (extensionSequence == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
nsString text;
nssComponent->GetPIPNSSBundleString("CertDumpExtensions", text);
@ -1996,8 +1972,6 @@ nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence **retSequence,
// The code in this method will assert this is the structure we're dealing
// and then add more user friendly text for that field.
nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
if (sequence == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
nsString text;
nssComponent->GetPIPNSSBundleString("CertDumpCertificate", text);
@ -2035,8 +2009,6 @@ nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence **retSequence,
ProcessName(&mCert->issuer, nssComponent, getter_Copies(value));
printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
printableItem->SetDisplayValue(value);
nssComponent->GetPIPNSSBundleString("CertDumpIssuer", text);
@ -2067,8 +2039,6 @@ nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence **retSequence,
nssComponent->GetPIPNSSBundleString("CertDumpSubject", text);
printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
printableItem->SetDisplayName(text);
ProcessName(&mCert->subject, nssComponent,getter_Copies(value));
@ -2082,7 +2052,7 @@ nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence **retSequence,
SECItem data;
// Is there an issuerUniqueID?
if (mCert->issuerID.data != nullptr) {
if (mCert->issuerID.data) {
// The issuerID is encoded as a bit string.
// The function ProcessRawBytes expects the
// length to be in bytes, so let's convert the
@ -2092,8 +2062,6 @@ nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence **retSequence,
ProcessRawBytes(nssComponent, &data, text);
printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
printableItem->SetDisplayValue(text);
nssComponent->GetPIPNSSBundleString("CertDumpIssuerUniqueID", text);
@ -2111,8 +2079,6 @@ nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence **retSequence,
ProcessRawBytes(nssComponent, &data, text);
printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nullptr)
return NS_ERROR_OUT_OF_MEMORY;
printableItem->SetDisplayValue(text);
nssComponent->GetPIPNSSBundleString("CertDumpSubjectUniqueID", text);
@ -2149,9 +2115,6 @@ nsNSSCertificate::CreateASN1Struct()
nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
mASN1Structure = sequence;
if (mASN1Structure == nullptr) {
return NS_ERROR_OUT_OF_MEMORY;
}
nsCOMPtr<nsIMutableArray> asn1Objects;
sequence->GetASN1Objects(getter_AddRefs(asn1Objects));
@ -2211,7 +2174,7 @@ getCertType(CERTCertificate *cert)
return nsIX509Cert::SERVER_CERT;
if (trust.HasPeer(false, true, false) && cert->emailAddr)
return nsIX509Cert::EMAIL_CERT;
if (CERT_IsCACert(cert,NULL))
if (CERT_IsCACert(cert, nullptr))
return nsIX509Cert::CA_CERT;
if (cert->emailAddr)
return nsIX509Cert::EMAIL_CERT;

45
security/manager/ssl/src/nsNSSCertificate.cpp
View File

@ -38,7 +38,6 @@
#include "nsXULAppAPI.h"
#include "nspr.h"
extern "C" {
#include "pk11func.h"
#include "certdb.h"
#include "cert.h"
@ -46,13 +45,14 @@ extern "C" {
#include "nssb64.h"
#include "secasn1.h"
#include "secder.h"
}
#include "ssl.h"
#include "ocsp.h"
#include "plbase64.h"
#include "cms.h"
#include "cert.h"
using namespace mozilla;
#ifdef PR_LOGGING
extern PRLogModuleInfo* gPIPNSSLog;
#endif
@ -127,7 +127,7 @@ nsNSSCertificate::InitFromDER(char *certDER, int derLen)
if (!aCert)
return false;
if(aCert->dbhandle == nullptr)
if (!aCert->dbhandle)
{
aCert->dbhandle = CERT_GetDefaultCertDB();
}
@ -258,7 +258,7 @@ GetKeyUsagesString(CERTCertificate *cert, nsINSSComponent *nssComponent,
text.Truncate();
SECItem keyUsageItem;
keyUsageItem.data = NULL;
keyUsageItem.data = nullptr;
SECStatus srv;
@ -822,7 +822,7 @@ nsNSSCertificate::GetChain(nsIArray **_rvChain)
NS_ENSURE_ARG(_rvChain);
nsresult rv;
/* Get the cert chain from NSS */
CERTCertList *nssChain = NULL;
CERTCertList *nssChain = nullptr;
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting chain for \"%s\"\n", mCert->nickname));
nssChain = CERT_GetCertChainFromCert(mCert, PR_Now(), certUsageSSLClient);
if (!nssChain)
@ -860,13 +860,13 @@ nsNSSCertificate::GetAllTokenNames(uint32_t *aLength, PRUnichar*** aTokenNames)
NS_ENSURE_ARG(aLength);
NS_ENSURE_ARG(aTokenNames);
*aLength = 0;
*aTokenNames = NULL;
*aTokenNames = nullptr;
/* Get the slots from NSS */
PK11SlotList *slots = NULL;
PK11SlotList *slots = nullptr;
PK11SlotListCleaner slotCleaner(slots);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting slots for \"%s\"\n", mCert->nickname));
slots = PK11_GetAllSlotsForCert(mCert, NULL);
slots = PK11_GetAllSlotsForCert(mCert, nullptr);
if (!slots) {
if (PORT_GetError() == SEC_ERROR_NO_TOKEN)
return NS_OK; // List of slots is empty, return empty array
@ -894,7 +894,7 @@ nsNSSCertificate::GetAllTokenNames(uint32_t *aLength, PRUnichar*** aTokenNames)
if (!(*aTokenNames)[iToken]) {
NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(iToken, *aTokenNames);
*aLength = 0;
*aTokenNames = NULL;
*aTokenNames = nullptr;
return NS_ERROR_OUT_OF_MEMORY;
}
}
@ -1201,8 +1201,6 @@ nsNSSCertificate::GetValidity(nsIX509CertValidity **aValidity)
NS_ENSURE_ARG(aValidity);
nsX509CertValidity *validity = new nsX509CertValidity(mCert);
if (nullptr == validity)
return NS_ERROR_OUT_OF_MEMORY;
NS_ADDREF(validity);
*aValidity = static_cast<nsIX509CertValidity*>(validity);
@ -1222,7 +1220,7 @@ nsNSSCertificate::VerifyForUsage(uint32_t usage, uint32_t *verificationResult)
nsCOMPtr<nsINSSComponent> inss = do_GetService(kNSSComponentCID, &nsrv);
if (!inss)
return nsrv;
nsRefPtr<nsCERTValInParamWrapper> survivingParams;
RefPtr<nsCERTValInParamWrapper> survivingParams;
nsrv = inss->GetDefaultCERTValInParam(survivingParams);
if (NS_FAILED(nsrv))
return nsrv;
@ -1287,14 +1285,14 @@ nsNSSCertificate::VerifyForUsage(uint32_t usage, uint32_t *verificationResult)
if (!nsNSSComponent::globalConstFlagUsePKIXVerification) {
CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB();
verify_result = CERT_VerifyCertificateNow(defaultcertdb, mCert, true,
nss_usage, NULL, NULL);
nss_usage, nullptr, nullptr);
}
else {
CERTValOutParam cvout[1];
cvout[0].type = cert_po_end;
verify_result = CERT_PKIXVerifyCert(mCert, nss_usage,
survivingParams->GetRawPointerForNSS(),
cvout, NULL);
cvout, nullptr);
}
if (verify_result == SECSuccess)
@ -1395,8 +1393,6 @@ nsNSSCertificate::RequestUsagesArrayAsync(nsICertVerificationListener *aResultLi
return NS_ERROR_FAILURE;
nsCertVerificationJob *job = new nsCertVerificationJob;
if (!job)
return NS_ERROR_OUT_OF_MEMORY;
job->mCert = this;
job->mListener = aResultListener;
@ -1481,7 +1477,7 @@ nsNSSCertificate::GetASN1Structure(nsIASN1Object * *aASN1Structure)
nsNSSShutDownPreventionLock locker;
nsresult rv = NS_OK;
NS_ENSURE_ARG_POINTER(aASN1Structure);
if (mASN1Structure == nullptr) {
if (!mASN1Structure) {
// First create the recursive structure os ASN1Objects
// which tells us the layout of the cert.
rv = CreateASN1Struct();
@ -1573,7 +1569,7 @@ char* nsNSSCertificate::defaultServerNickname(CERTCertificate* cert)
else {
nickname = PR_smprintf("%s #%d", servername, count);
}
if (nickname == NULL) {
if (!nickname) {
break;
}
@ -1621,12 +1617,12 @@ nsNSSCertList::AddCert(nsIX509Cert *aCert)
CERTCertificate *cert;
cert = nssCert->GetCert();
if (cert == nullptr) {
if (!cert) {
NS_ERROR("Somehow got nullptr for mCertificate in nsNSSCertificate.");
return NS_ERROR_FAILURE;
}
if (mCertList == nullptr) {
if (!mCertList) {
NS_ERROR("Somehow got nullptr for mCertList in nsNSSCertList.");
return NS_ERROR_FAILURE;
}
@ -1644,12 +1640,12 @@ nsNSSCertList::DeleteCert(nsIX509Cert *aCert)
CERTCertificate *cert = nssCert->GetCert();
CERTCertListNode *node;
if (cert == nullptr) {
if (!cert) {
NS_ERROR("Somehow got nullptr for mCertificate in nsNSSCertificate.");
return NS_ERROR_FAILURE;
}
if (mCertList == nullptr) {
if (!mCertList) {
NS_ERROR("Somehow got nullptr for mCertList in nsNSSCertList.");
return NS_ERROR_FAILURE;
}
@ -1672,7 +1668,7 @@ nsNSSCertList::DupCertList(CERTCertList *aCertList)
CERTCertList *newList = CERT_NewCertList();
if (newList == nullptr) {
if (!newList) {
return nullptr;
}
@ -1696,9 +1692,6 @@ NS_IMETHODIMP
nsNSSCertList::GetEnumerator(nsISimpleEnumerator **_retval)
{
nsCOMPtr<nsISimpleEnumerator> enumerator = new nsNSSCertListEnumerator(mCertList);
if (!enumerator) {
return NS_ERROR_OUT_OF_MEMORY;
}
*_retval = enumerator;
NS_ADDREF(*_retval);

1
security/manager/ssl/src/nsNSSCertificate.h
View File

@ -14,6 +14,7 @@
#include "nsIASN1Object.h"
#include "nsISMimeCert.h"
#include "nsIIdentityInfo.h"
#include "nsCOMPtr.h"
#include "nsNSSShutDown.h"
#include "nsISimpleEnumerator.h"
#include "nsISerializable.h"

104
security/manager/ssl/src/nsNSSCertificateDB.cpp
View File

@ -27,7 +27,6 @@
#include "nsThreadUtils.h"
#include "nspr.h"
extern "C" {
#include "pk11func.h"
#include "certdb.h"
#include "cert.h"
@ -35,16 +34,18 @@ extern "C" {
#include "nssb64.h"
#include "secasn1.h"
#include "secder.h"
}
#include "ssl.h"
#include "ocsp.h"
#include "plbase64.h"
#include "nsNSSCleaner.h"
using namespace mozilla;
#ifdef PR_LOGGING
extern PRLogModuleInfo* gPIPNSSLog;
#endif
#include "nsNSSCleaner.h"
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
NSSCleanupAutoPtrClass(CERTCertList, CERT_DestroyCertList)
NSSCleanupAutoPtrClass(CERTCertificateList, CERT_DestroyCertificateList)
@ -69,20 +70,20 @@ nsNSSCertificateDB::FindCertByNickname(nsISupports *aToken,
nsIX509Cert **_rvCert)
{
nsNSSShutDownPreventionLock locker;
CERTCertificate *cert = NULL;
char *asciiname = NULL;
CERTCertificate *cert = nullptr;
char *asciiname = nullptr;
NS_ConvertUTF16toUTF8 aUtf8Nickname(nickname);
asciiname = const_cast<char*>(aUtf8Nickname.get());
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));
#if 0
// what it should be, but for now...
if (aToken) {
cert = PK11_FindCertFromNickname(asciiname, NULL);
cert = PK11_FindCertFromNickname(asciiname, nullptr);
} else {
cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
}
#endif
cert = PK11_FindCertFromNickname(asciiname, NULL);
cert = PK11_FindCertFromNickname(asciiname, nullptr);
if (!cert) {
cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
}
@ -143,7 +144,7 @@ nsNSSCertificateDB::FindCertByDBKey(const char *aDBkey, nsISupports *aToken,
if (cert) {
nsNSSCertificate *nssCert = nsNSSCertificate::Create(cert);
CERT_DestroyCertificate(cert);
if (nssCert == nullptr)
if (!nssCert)
return NS_ERROR_OUT_OF_MEMORY;
NS_ADDREF(nssCert);
*_cert = static_cast<nsIX509Cert*>(nssCert);
@ -162,7 +163,7 @@ nsNSSCertificateDB::FindCertNicknames(nsISupports *aToken,
/*
* obtain the cert list from NSS
*/
CERTCertList *certList = NULL;
CERTCertList *certList = nullptr;
PK11CertListType pk11type;
#if 0
// this would seem right, but it didn't work...
@ -172,7 +173,7 @@ nsNSSCertificateDB::FindCertNicknames(nsISupports *aToken,
else
#endif
pk11type = PK11CertListUnique;
certList = PK11_ListCerts(pk11type, NULL);
certList = PK11_ListCerts(pk11type, nullptr);
if (!certList)
goto cleanup;
/*
@ -202,7 +203,7 @@ collect_certs(void *arg, SECItem **certs, int numcerts)
collectArgs->numcerts = numcerts;
collectArgs->rawCerts = (SECItem *) PORT_ArenaZAlloc(collectArgs->arena,
sizeof(SECItem) * numcerts);
if ( collectArgs->rawCerts == NULL )
if (!collectArgs->rawCerts)
return(SECFailure);
cert = collectArgs->rawCerts;
@ -225,7 +226,7 @@ nsNSSCertificateDB::getCertsFromPackage(PLArenaPool *arena, uint8_t *data,
nsNSSShutDownPreventionLock locker;
CERTDERCerts *collectArgs =
(CERTDERCerts *)PORT_ArenaZAlloc(arena, sizeof(CERTDERCerts));
if ( collectArgs == nullptr )
if (!collectArgs)
return nullptr;
collectArgs->arena = arena;
@ -347,7 +348,7 @@ nsNSSCertificateDB::handleCACertDownload(nsIArray *x509Certs,
CERTCertificateCleaner tmpCertCleaner(tmpCert);
if (!CERT_IsCACert(tmpCert, NULL)) {
if (!CERT_IsCACert(tmpCert, nullptr)) {
DisplayCertificateAlert(ctx, "NotACACert", certToShow);
return NS_ERROR_FAILURE;
}
@ -389,7 +390,7 @@ nsNSSCertificateDB::handleCACertDownload(nsIArray *x509Certs,
// build a CertList for filtering
CERTCertList *certList = CERT_NewCertList();
if (certList == NULL) {
if (!certList) {
return NS_ERROR_FAILURE;
}
@ -493,8 +494,8 @@ nsNSSCertificateDB::ImportEmailCertificate(uint8_t * data, uint32_t length,
SECStatus srv = SECFailure;
nsresult nsrv = NS_OK;
CERTCertDBHandle *certdb;
CERTCertificate **certArray = NULL;
CERTCertList *certList = NULL;
CERTCertificate **certArray = nullptr;
CERTCertList *certList = nullptr;
CERTCertListNode *node;
PRTime now;
SECCertUsage certusage;
@ -508,7 +509,7 @@ nsNSSCertificateDB::ImportEmailCertificate(uint8_t * data, uint32_t length,
nsCOMPtr<nsINSSComponent> inss = do_GetService(kNSSComponentCID, &nsrv);
if (!inss)
return nsrv;
nsRefPtr<nsCERTValInParamWrapper> survivingParams;
RefPtr<nsCERTValInParamWrapper> survivingParams;
nsrv = inss->GetDefaultCERTValInParam(survivingParams);
if (NS_FAILED(nsrv))
return nsrv;
@ -540,10 +541,10 @@ nsNSSCertificateDB::ImportEmailCertificate(uint8_t * data, uint32_t length,
}
srv = CERT_ImportCerts(certdb, certusage, numcerts, rawArray,
&certArray, false, false, NULL);
&certArray, false, false, nullptr);
PORT_Free(rawArray);
rawArray = NULL;
rawArray = nullptr;
if (srv != SECSuccess) {
nsrv = NS_ERROR_FAILURE;
@ -552,7 +553,7 @@ nsNSSCertificateDB::ImportEmailCertificate(uint8_t * data, uint32_t length,
// build a CertList for filtering
certList = CERT_NewCertList();
if (certList == NULL) {
if (!certList) {
nsrv = NS_ERROR_FAILURE;
goto loser;
}
@ -581,7 +582,7 @@ nsNSSCertificateDB::ImportEmailCertificate(uint8_t * data, uint32_t length,
if (!nsNSSComponent::globalConstFlagUsePKIXVerification) {
if (CERT_VerifyCert(certdb, node->cert,
true, certusage, now, ctx, NULL) != SECSuccess) {
true, certusage, now, ctx, nullptr) != SECSuccess) {
alert_and_skip = true;
}
}
@ -623,9 +624,9 @@ nsNSSCertificateDB::ImportEmailCertificate(uint8_t * data, uint32_t length,
rawArray[i] = &certChain->certs[i];
}
CERT_ImportCerts(certdb, certusage, certChain->len,
rawArray, NULL, true, false, NULL);
rawArray, nullptr, true, false, nullptr);
CERT_SaveSMimeProfile(node->cert, NULL, NULL);
CERT_SaveSMimeProfile(node->cert, nullptr, nullptr);
PORT_Free(rawArray);
}
@ -667,7 +668,7 @@ nsNSSCertificateDB::ImportServerCertificate(uint8_t * data, uint32_t length,
return NS_ERROR_FAILURE;
}
cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), certCollection->rawCerts,
(char *)NULL, false, true);
nullptr, false, true);
if (!cert) {
nsrv = NS_ERROR_FAILURE;
goto loser;
@ -685,7 +686,7 @@ nsNSSCertificateDB::ImportServerCertificate(uint8_t * data, uint32_t length,
serverNickname = nsNSSCertificate::defaultServerNickname(cert);
srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), certUsageSSLServer,
numcerts, rawCerts, NULL, true, false,
numcerts, rawCerts, nullptr, true, false,
serverNickname);
PR_FREEIF(serverNickname);
if ( srv != SECSuccess ) {
@ -711,12 +712,12 @@ loser:
nsresult
nsNSSCertificateDB::ImportValidCACerts(int numCACerts, SECItem *CACerts, nsIInterfaceRequestor *ctx)
{
CERTCertList *certList = NULL;
CERTCertList *certList = nullptr;
SECItem **rawArray;
// build a CertList for filtering
certList = CERT_NewCertList();
if (certList == NULL) {
if (!certList) {
return NS_ERROR_FAILURE;
}
@ -724,7 +725,7 @@ nsNSSCertificateDB::ImportValidCACerts(int numCACerts, SECItem *CACerts, nsIInte
// get all certs into temp store
SECStatus srv = SECFailure;
CERTCertificate **certArray = NULL;
CERTCertificate **certArray = nullptr;
rawArray = (SECItem **) PORT_Alloc(sizeof(SECItem *) * numCACerts);
if ( !rawArray ) {
@ -736,10 +737,10 @@ nsNSSCertificateDB::ImportValidCACerts(int numCACerts, SECItem *CACerts, nsIInte
}
srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), certUsageAnyCA, numCACerts, rawArray,
&certArray, false, true, NULL);
&certArray, false, true, nullptr);
PORT_Free(rawArray);
rawArray = NULL;
rawArray = nullptr;
if (srv != SECSuccess) {
return NS_ERROR_FAILURE;
@ -766,7 +767,7 @@ nsNSSCertificateDB::ImportValidCACertsInList(CERTCertList *certList, nsIInterfac
nsCOMPtr<nsINSSComponent> inss = do_GetService(kNSSComponentCID, &nsrv);
if (!inss)
return nsrv;
nsRefPtr<nsCERTValInParamWrapper> survivingParams;
RefPtr<nsCERTValInParamWrapper> survivingParams;
nsrv = inss->GetDefaultCERTValInParam(survivingParams);
if (NS_FAILED(nsrv))
return nsrv;
@ -792,7 +793,7 @@ nsNSSCertificateDB::ImportValidCACertsInList(CERTCertList *certList, nsIInterfac
if (!nsNSSComponent::globalConstFlagUsePKIXVerification) {
if (CERT_VerifyCert(CERT_GetDefaultCertDB(), node->cert,
true, certUsageVerifyCA, PR_Now(), ctx, NULL) != SECSuccess) {
true, certUsageVerifyCA, PR_Now(), ctx, nullptr) != SECSuccess) {
alert_and_skip = true;
}
}
@ -834,7 +835,7 @@ nsNSSCertificateDB::ImportValidCACertsInList(CERTCertList *certList, nsIInterfac
rawArray[i] = &certChain->certs[i];
}
CERT_ImportCerts(CERT_GetDefaultCertDB(), certUsageAnyCA, certChain->len,
rawArray, NULL, true, true, NULL);
rawArray, nullptr, true, true, nullptr);
PORT_Free(rawArray);
}
@ -893,10 +894,10 @@ nsNSSCertificateDB::ImportUserCertificate(uint8_t *data, uint32_t length, nsIInt
SECItem *CACerts;
CERTDERCerts * collectArgs;
PLArenaPool *arena;
CERTCertificate * cert=NULL;
CERTCertificate * cert = nullptr;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( arena == NULL ) {
if (!arena) {
goto loser;
}
@ -906,13 +907,13 @@ nsNSSCertificateDB::ImportUserCertificate(uint8_t *data, uint32_t length, nsIInt
}
cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), collectArgs->rawCerts,
(char *)NULL, false, true);
nullptr, false, true);
if (!cert) {
goto loser;
}
slot = PK11_KeyForCertExists(cert, NULL, ctx);
if ( slot == NULL ) {
slot = PK11_KeyForCertExists(cert, nullptr, ctx);
if (!slot) {
nsCOMPtr<nsIX509Cert> certToShow = nsNSSCertificate::Create(cert);
DisplayCertificateAlert(ctx, "UserCertIgnoredNoPrivateKey", certToShow);
goto loser;
@ -1135,8 +1136,6 @@ nsNSSCertificateDB::ImportCertsFromFile(nsISupports *aToken,
return NS_ERROR_FAILURE;
unsigned char *buf = new unsigned char[file_info.size];
if (!buf)
return NS_ERROR_OUT_OF_MEMORY;
int32_t bytes_obtained = PR_Read(fd, buf, file_info.size);
PR_Close(fd);
@ -1307,7 +1306,7 @@ nsNSSCertificateDB::getCertNames(CERTCertList *certList,
nsNSSShutDownPreventionLock locker;
CERTCertListNode *node;
uint32_t numcerts = 0, i=0;
PRUnichar **tmpArray = NULL;
PRUnichar **tmpArray = nullptr;
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("List of certs %d:\n", type));
for (node = CERT_LIST_HEAD(certList);
!CERT_LIST_END(node, certList);
@ -1325,8 +1324,8 @@ nsNSSCertificateDB::getCertNames(CERTCertList *certList,
node = CERT_LIST_NEXT(node)) {
if (getCertType(node->cert) == type) {
nsNSSCertificate pipCert(node->cert);
char *dbkey = NULL;
char *namestr = NULL;
char *dbkey = nullptr;
char *namestr = nullptr;
nsAutoString certstr;
pipCert.GetDbKey(&dbkey);
nsAutoString keystr = NS_ConvertASCIItoUTF16(dbkey);
@ -1384,7 +1383,7 @@ nsNSSCertificateDB::FindEmailEncryptionCert(const nsAString &aNickname, nsIX509C
CERTCertificate *cert = 0;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
nsNSSCertificate *nssCert = nullptr;
char *asciiname = NULL;
char *asciiname = nullptr;
NS_ConvertUTF16toUTF8 aUtf8Nickname(aNickname);
asciiname = const_cast<char*>(aUtf8Nickname.get());
@ -1395,7 +1394,7 @@ nsNSSCertificateDB::FindEmailEncryptionCert(const nsAString &aNickname, nsIX509C
if (!cert) { goto loser; }
nssCert = nsNSSCertificate::Create(cert);
if (nssCert == nullptr) {
if (!nssCert) {
rv = NS_ERROR_OUT_OF_MEMORY;
}
NS_ADDREF(nssCert);
@ -1424,7 +1423,7 @@ nsNSSCertificateDB::FindEmailSigningCert(const nsAString &aNickname, nsIX509Cert
CERTCertificate *cert = 0;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
nsNSSCertificate *nssCert = nullptr;
char *asciiname = NULL;
char *asciiname = nullptr;
NS_ConvertUTF16toUTF8 aUtf8Nickname(aNickname);
asciiname = const_cast<char*>(aUtf8Nickname.get());
@ -1435,7 +1434,7 @@ nsNSSCertificateDB::FindEmailSigningCert(const nsAString &aNickname, nsIX509Cert
if (!cert) { goto loser; }
nssCert = nsNSSCertificate::Create(cert);
if (nssCert == nullptr) {
if (!nssCert) {
rv = NS_ERROR_OUT_OF_MEMORY;
}
NS_ADDREF(nssCert);
@ -1453,7 +1452,7 @@ nsNSSCertificateDB::FindCertByEmailAddress(nsISupports *aToken, const char *aEma
nsNSSShutDownPreventionLock locker;
nsCOMPtr<nsINSSComponent> inss;
nsRefPtr<nsCERTValInParamWrapper> survivingParams;
RefPtr<nsCERTValInParamWrapper> survivingParams;
nsresult nsrv;
if (nsNSSComponent::globalConstFlagUsePKIXVerification) {
@ -1528,7 +1527,7 @@ nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
// sure would be nice to have a smart pointer class for PL_ allocations
// unfortunately, we cannot distinguish out-of-memory from bad-input here
uint32_t len = PL_strlen(base64);
char *certDER = PL_Base64Decode(base64, len, NULL);
char *certDER = PL_Base64Decode(base64, len, nullptr);
if (!certDER)
return NS_ERROR_ILLEGAL_VALUE;
if (!*certDER) {
@ -1665,7 +1664,7 @@ nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert,
* card.
*/
dummycert = PK11_FindCertFromNickname(nickname.get(), ctx);
if (dummycert != NULL) {
if (dummycert) {
/*
* Make sure the subject names are different.
*/
@ -1677,7 +1676,7 @@ nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert,
* nickname.
*/
CERT_DestroyCertificate(dummycert);
dummycert = NULL;
dummycert = nullptr;
}
}
}
@ -1753,10 +1752,9 @@ nsNSSCertificateDB::GetCerts(nsIX509CertList **_retval)
nsCOMPtr<nsIX509CertList> nssCertList;
certList = PK11_ListCerts(PK11CertListUnique, ctx);
// nsNSSCertList 1) adopts certList, and 2) handles the NULL case fine.
// nsNSSCertList 1) adopts certList, and 2) handles the nullptr case fine.
// (returns an empty list)
nssCertList = new nsNSSCertList(certList, true);
if (!nssCertList) { return NS_ERROR_OUT_OF_MEMORY; }
*_retval = nssCertList;
NS_ADDREF(*_retval);

52
security/manager/ssl/src/nsNSSComponent.cpp
View File

@ -36,7 +36,6 @@
#include "nsIDOMSmartCardEvent.h"
#include "nsIDOMCrypto.h"
#include "nsThreadUtils.h"
#include "nsAutoPtr.h"
#include "nsCRT.h"
#include "nsCRLInfo.h"
#include "nsCertOverrideService.h"
@ -78,10 +77,8 @@
#include "nsILocalFileWin.h"
#endif
extern "C" {
#include "pkcs12.h"
#include "p12plcy.h"
}
using namespace mozilla;
using namespace mozilla::psm;
@ -322,7 +319,7 @@ nsNSSComponent::nsNSSComponent()
mNSSInitialized(false),
mCrlTimerLock("nsNSSComponent.mCrlTimerLock"),
mThreadList(nullptr),
mCertVerificationThread(NULL)
mCertVerificationThread(nullptr)
{
#ifdef PR_LOGGING
if (!gPIPNSSLog)
@ -360,7 +357,7 @@ nsNSSComponent::deleteBackgroundThreads()
void
nsNSSComponent::createBackgroundThreads()
{
NS_ASSERTION(mCertVerificationThread == nullptr,
NS_ASSERTION(!mCertVerificationThread,
"Cert verification thread already created.");
mCertVerificationThread = new nsCertVerificationThread;
@ -387,7 +384,7 @@ nsNSSComponent::~nsNSSComponent()
}
crlDownloadTimerOn = false;
}
if(crlsScheduledForDownload != nullptr){
if (crlsScheduledForDownload) {
crlsScheduledForDownload->Reset();
delete crlsScheduledForDownload;
}
@ -416,9 +413,6 @@ nsNSSComponent::PostEvent(const nsAString &eventType,
{
nsCOMPtr<nsIRunnable> runnable =
new nsTokenEventRunnable(eventType, tokenName);
if (!runnable) {
return NS_ERROR_OUT_OF_MEMORY;
}
return NS_DispatchToMainThread(runnable);
}
@ -514,7 +508,7 @@ nsNSSComponent::DispatchEventToWindow(nsIDOMWindow *domWin,
// find the document
nsCOMPtr<nsIDOMDocument> doc;
rv = domWin->GetDocument(getter_AddRefs(doc));
if (doc == nullptr) {
if (!doc) {
return NS_FAILED(rv) ? rv : NS_ERROR_FAILURE;
}
@ -533,10 +527,6 @@ nsNSSComponent::DispatchEventToWindow(nsIDOMWindow *domWin,
new nsSmartCardEvent(tokenName);
// init the smart card event, fail here if we can't complete the
// initialization.
if (!smartCardEvent) {
return NS_ERROR_OUT_OF_MEMORY;
}
rv = smartCardEvent->Init(event);
if (NS_FAILED(rv)) {
return rv;
@ -663,16 +653,10 @@ nsNSSComponent::LaunchSmartCardThread(SECMODModule *module)
{
SmartCardMonitoringThread *newThread;
if (SECMOD_HasRemovableSlots(module)) {
if (mThreadList == nullptr) {
if (!mThreadList) {
mThreadList = new SmartCardThreadList();
if (!mThreadList) {
return NS_ERROR_OUT_OF_MEMORY;
}
}
newThread = new SmartCardMonitoringThread(module);
if (!newThread) {
return NS_ERROR_OUT_OF_MEMORY;
}
// newThread is adopted by the add.
return mThreadList->Add(newThread);
}
@ -712,8 +696,8 @@ nss_addEscape(const char *string, char quote)
}
newString = (char*)PORT_ZAlloc(escapes+size+1);
if (newString == NULL) {
return NULL;
if (!newString) {
return nullptr;
}
for (src=string, dest=newString; *src; src++,dest++) {
@ -1054,7 +1038,7 @@ static CipherPref CipherPrefs[] = {
{"security.ssl3.rsa_null_sha", SSL_RSA_WITH_NULL_SHA}, // No encryption with RSA authentication and a SHA1 MAC
{"security.ssl3.rsa_null_md5", SSL_RSA_WITH_NULL_MD5}, // No encryption with RSA authentication and an MD5 MAC
{"security.ssl3.rsa_seed_sha", TLS_RSA_WITH_SEED_CBC_SHA}, // SEED encryption with RSA and a SHA1 MAC
{NULL, 0} /* end marker */
{nullptr, 0} /* end marker */
};
static void
@ -1142,7 +1126,7 @@ void nsNSSComponent::setValidationOptions(nsIPrefBranch * pref)
ocspMode_FailureIsVerificationFailure
: ocspMode_FailureIsNotAVerificationFailure);
nsRefPtr<nsCERTValInParamWrapper> newCVIN = new nsCERTValInParamWrapper;
RefPtr<nsCERTValInParamWrapper> newCVIN(new nsCERTValInParamWrapper);
if (NS_SUCCEEDED(newCVIN->Construct(
aiaDownloadEnabled ?
nsCERTValInParamWrapper::missing_cert_download_on : nsCERTValInParamWrapper::missing_cert_download_off,
@ -1201,8 +1185,6 @@ nsNSSComponent::PostCRLImportEvent(const nsCSubstring &urlString,
{
//Create the event
nsCOMPtr<nsIRunnable> event = new CRLDownloadEvent(urlString, listener);
if (!event)
return NS_ERROR_OUT_OF_MEMORY;
//Get a handle to the ui thread
return NS_DispatchToMainThread(event);
@ -1227,8 +1209,8 @@ nsresult nsNSSComponent::DownloadCrlSilently()
crlsScheduledForDownload->Put(&hashKey,(void *)nullptr);
//Set up the download handler
nsRefPtr<PSMContentDownloader> psmDownloader =
new PSMContentDownloader(PSMContentDownloader::PKCS7_CRL);
RefPtr<PSMContentDownloader> psmDownloader(
new PSMContentDownloader(PSMContentDownloader::PKCS7_CRL));
psmDownloader->setSilentDownload(true);
psmDownloader->setCrlAutodownloadKey(mCrlUpdateKey);
@ -1439,7 +1421,7 @@ nsNSSComponent::StopCRLUpdateTimer()
//If it is at all running.
if (mUpdateTimerInitialized) {
if(crlsScheduledForDownload != nullptr){
if (crlsScheduledForDownload) {
crlsScheduledForDownload->Reset();
delete crlsScheduledForDownload;
crlsScheduledForDownload = nullptr;
@ -1645,7 +1627,7 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
if (NS_FAILED(rv)) {
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to get profile directory\n"));
ConfigureInternalPKCS11Token();
SECStatus init_rv = NSS_NoDB_Init(NULL);
SECStatus init_rv = NSS_NoDB_Init(nullptr);
if (init_rv != SECSuccess) {
nsPSMInitPanic::SetPanic();
return NS_ERROR_NOT_AVAILABLE;
@ -2064,7 +2046,7 @@ static PRBool DecryptionAllowedCallback(SECAlgorithmID *algid,
static void * GetPasswordKeyCallback(void *arg, void *handle)
{
return NULL;
return nullptr;
}
NS_IMETHODIMP
@ -2639,7 +2621,7 @@ nsNSSComponent::IsNSSInitialized(bool *initialized)
}
NS_IMETHODIMP
nsNSSComponent::GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out)
nsNSSComponent::GetDefaultCERTValInParam(RefPtr<nsCERTValInParamWrapper> &out)
{
MutexAutoLock lock(mutex);
if (!mNSSInitialized)
@ -2649,7 +2631,7 @@ nsNSSComponent::GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out)
}
NS_IMETHODIMP
nsNSSComponent::GetDefaultCERTValInParamLocalOnly(nsRefPtr<nsCERTValInParamWrapper> &out)
nsNSSComponent::GetDefaultCERTValInParamLocalOnly(RefPtr<nsCERTValInParamWrapper> &out)
{
MutexAutoLock lock(mutex);
if (!mNSSInitialized)
@ -3193,7 +3175,7 @@ PSMContentDownloader::OnDataAvailable(nsIRequest* request,
size_t newSize = (mBufferOffset + aLength) *2; // grow some more than needed
char *newBuffer;
newBuffer = (char*)nsMemory::Realloc(mByteData, newSize);
if (newBuffer == nullptr) {
if (!newBuffer) {
return NS_ERROR_OUT_OF_MEMORY;
}
mByteData = newBuffer;

19
security/manager/ssl/src/nsNSSComponent.h
View File

@ -8,6 +8,7 @@
#define _nsNSSComponent_h_
#include "mozilla/Mutex.h"
#include "mozilla/RefPtr.h"
#include "nsCOMPtr.h"
#include "nsISignatureVerifier.h"
#include "nsIURIContentListener.h"
@ -159,8 +160,10 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports {
NS_IMETHOD IsNSSInitialized(bool *initialized) = 0;
NS_IMETHOD GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out) = 0;
NS_IMETHOD GetDefaultCERTValInParamLocalOnly(nsRefPtr<nsCERTValInParamWrapper> &out) = 0;
NS_IMETHOD GetDefaultCERTValInParam(
mozilla::RefPtr<nsCERTValInParamWrapper> &out) = 0;
NS_IMETHOD GetDefaultCERTValInParamLocalOnly(
mozilla::RefPtr<nsCERTValInParamWrapper> &out) = 0;
};
NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID)
@ -260,8 +263,10 @@ public:
NS_IMETHOD EnsureIdentityInfoLoaded();
NS_IMETHOD IsNSSInitialized(bool *initialized);
NS_IMETHOD GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out);
NS_IMETHOD GetDefaultCERTValInParamLocalOnly(nsRefPtr<nsCERTValInParamWrapper> &out);
NS_IMETHOD GetDefaultCERTValInParam(
mozilla::RefPtr<nsCERTValInParamWrapper> &out);
NS_IMETHOD GetDefaultCERTValInParamLocalOnly(
mozilla::RefPtr<nsCERTValInParamWrapper> &out);
private:
nsresult InitializeNSS(bool showWarningBox);
@ -322,9 +327,9 @@ private:
nsCertVerificationThread *mCertVerificationThread;
nsNSSHttpInterface mHttpForNSS;
nsRefPtr<nsClientAuthRememberService> mClientAuthRememberService;
nsRefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParam;
nsRefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParamLocalOnly;
mozilla::RefPtr<nsClientAuthRememberService> mClientAuthRememberService;
mozilla::RefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParam;
mozilla::RefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParamLocalOnly;
static PRStatus IdentityInfoInit(void);
PRCallOnceType mIdentityInfoCallOnce;

159
security/manager/ssl/src/nsNSSIOLayer.cpp
View File

@ -147,7 +147,7 @@ static void
getSecureBrowserUI(nsIInterfaceRequestor * callbacks,
nsISecureBrowserUI ** result)
{
NS_ASSERTION(result != nullptr, "result parameter to getSecureBrowserUI is null");
NS_ASSERTION(result, "result parameter to getSecureBrowserUI is null");
*result = nullptr;
NS_ASSERTION(NS_IsMainThread(),
@ -373,7 +373,7 @@ void nsNSSSocketInfo::GetPreviousCert(nsIX509Cert** _result)
NS_ASSERTION(_result, "_result parameter to GetPreviousCert is null");
*_result = nullptr;
nsRefPtr<PreviousCertRunnable> runnable = new PreviousCertRunnable(mCallbacks);
RefPtr<PreviousCertRunnable> runnable(new PreviousCertRunnable(mCallbacks));
nsresult rv = runnable->DispatchToMainThreadAndWait();
NS_ASSERTION(NS_SUCCEEDED(rv), "runnable->DispatchToMainThreadAndWait() failed");
runnable->mPreviousCert.forget(_result);
@ -834,7 +834,7 @@ class SSLErrorRunnable : public SyncRunnableBase
nsHandleSSLError(mInfoObject, mErrType, mErrorCode);
}
nsRefPtr<nsNSSSocketInfo> mInfoObject;
RefPtr<nsNSSSocketInfo> mInfoObject;
::mozilla::psm::SSLErrorMessageType mErrType;
const PRErrorCode mErrorCode;
};
@ -908,9 +908,9 @@ int32_t checkHandshake(int32_t bytesTransfered, bool wasReading,
// expensive no-op.)
if (!wantRetry && (IS_SSL_ERROR(err) || IS_SEC_ERROR(err)) &&
!socketInfo->GetErrorCode()) {
nsRefPtr<SyncRunnableBase> runnable = new SSLErrorRunnable(socketInfo,
PlainErrorMessage,
err);
RefPtr<SyncRunnableBase> runnable(new SSLErrorRunnable(socketInfo,
PlainErrorMessage,
err));
(void) runnable->DispatchToMainThreadAndWait();
}
}
@ -1042,7 +1042,7 @@ static PRFileDesc *_PSM_InvalidDesc(void)
{
PR_ASSERT(!"I/O method is invalid");
PR_SetError(PR_INVALID_METHOD_ERROR, 0);
return NULL;
return nullptr;
}
static PRStatus PSMGetsockname(PRFileDesc *fd, PRNetAddr *addr)
@ -1212,24 +1212,15 @@ nsresult nsSSLIOLayerHelpers::Init()
mutex = new Mutex("nsSSLIOLayerHelpers.mutex");
mTLSIntolerantSites = new nsTHashtable<nsCStringHashKey>();
if (!mTLSIntolerantSites)
return NS_ERROR_OUT_OF_MEMORY;
mTLSIntolerantSites->Init(1);
mTLSTolerantSites = new nsTHashtable<nsCStringHashKey>();
if (!mTLSTolerantSites)
return NS_ERROR_OUT_OF_MEMORY;
// Initialize the tolerant site hashtable to 16 items at the start seems
// reasonable as most servers are TLS tolerant. We just want to lower
// the rate of hashtable array reallocation.
mTLSTolerantSites->Init(16);
mRenegoUnrestrictedSites = new nsTHashtable<nsCStringHashKey>();
if (!mRenegoUnrestrictedSites)
return NS_ERROR_OUT_OF_MEMORY;
mRenegoUnrestrictedSites->Init(1);
mTreatUnsafeNegotiationAsBroken = false;
@ -1362,7 +1353,7 @@ SECStatus nsConvertCANamesToStrings(PLArenaPool* arena, char** caNameStrings,
char* namestring;
for (n = 0; n < caNames->nnames; n++) {
newitem.data = NULL;
newitem.data = nullptr;
dername = &caNames->names[n];
rv = DER_Lengths(dername, &headerlen, &contentlen);
@ -1379,7 +1370,7 @@ SECStatus nsConvertCANamesToStrings(PLArenaPool* arena, char** caNameStrings,
*/
if (dername->len <= 127) {
newitem.data = (unsigned char *) PR_Malloc(dername->len + 2);
if (newitem.data == NULL) {
if (!newitem.data) {
goto loser;
}
newitem.data[0] = (unsigned char)0x30;
@ -1388,7 +1379,7 @@ SECStatus nsConvertCANamesToStrings(PLArenaPool* arena, char** caNameStrings,
}
else if (dername->len <= 255) {
newitem.data = (unsigned char *) PR_Malloc(dername->len + 3);
if (newitem.data == NULL) {
if (!newitem.data) {
goto loser;
}
newitem.data[0] = (unsigned char)0x30;
@ -1399,7 +1390,7 @@ SECStatus nsConvertCANamesToStrings(PLArenaPool* arena, char** caNameStrings,
else {
/* greater than 256, better be less than 64k */
newitem.data = (unsigned char *) PR_Malloc(dername->len + 4);
if (newitem.data == NULL) {
if (!newitem.data) {
goto loser;
}
newitem.data[0] = (unsigned char)0x30;
@ -1412,26 +1403,26 @@ SECStatus nsConvertCANamesToStrings(PLArenaPool* arena, char** caNameStrings,
}
namestring = CERT_DerNameToAscii(dername);
if (namestring == NULL) {
if (!namestring) {
/* XXX - keep going until we fail to convert the name */
caNameStrings[n] = const_cast<char*>("");
}
else {
caNameStrings[n] = PORT_ArenaStrdup(arena, namestring);
PR_Free(namestring);
if (caNameStrings[n] == NULL) {
if (!caNameStrings[n]) {
goto loser;
}
}
if (newitem.data != NULL) {
if (newitem.data) {
PR_Free(newitem.data);
}
}
return SECSuccess;
loser:
if (newitem.data != NULL) {
if (newitem.data) {
PR_Free(newitem.data);
}
return SECFailure;
@ -1465,7 +1456,7 @@ typedef struct {
/* corresponding ASN1 templates */
static const SEC_ASN1Template cert_CertificateScopeEntryTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTCertificateScopeEntry) },
0, nullptr, sizeof(CERTCertificateScopeEntry) },
{ SEC_ASN1_ANY,
offsetof(CERTCertificateScopeEntry, derConstraint) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
@ -1487,16 +1478,16 @@ SECStatus cert_DecodeScopeOfUseEntries(PRArenaPool* arena, SECItem* extData,
CERTCertificateScopeEntry*** entries,
int* numEntries)
{
certCertificateScopeOfUse* scope = NULL;
certCertificateScopeOfUse* scope = nullptr;
SECStatus rv = SECSuccess;
int i;
*entries = NULL; /* in case of failure */
*entries = nullptr; /* in case of failure */
*numEntries = 0; /* ditto */
scope = (certCertificateScopeOfUse*)
PORT_ArenaZAlloc(arena, sizeof(certCertificateScopeOfUse));
if (scope == NULL) {
if (!scope) {
goto loser;
}
@ -1507,10 +1498,10 @@ SECStatus cert_DecodeScopeOfUseEntries(PRArenaPool* arena, SECItem* extData,
}
*entries = scope->entries;
PR_ASSERT(*entries != NULL);
PR_ASSERT(*entries);
/* first, let's count 'em. */
for (i = 0; (*entries)[i] != NULL; i++) ;
for (i = 0; (*entries)[i]; i++) ;
*numEntries = i;
/* convert certCertificateScopeEntry sequence into what we can readily
@ -1519,8 +1510,8 @@ SECStatus cert_DecodeScopeOfUseEntries(PRArenaPool* arena, SECItem* extData,
for (i = 0; i < *numEntries; i++) {
(*entries)[i]->constraint =
CERT_DecodeGeneralName(arena, &((*entries)[i]->derConstraint),
NULL);
if ((*entries)[i]->derPort.data != NULL) {
nullptr);
if ((*entries)[i]->derPort.data) {
(*entries)[i]->port =
(int)DER_GetInteger(&((*entries)[i]->derPort));
}
@ -1545,8 +1536,8 @@ static SECStatus cert_DecodeCertIPAddress(SECItem* genname,
*constraint = 0;
*mask = 0;
PR_ASSERT(genname->data != NULL);
if (genname->data == NULL) {
PR_ASSERT(genname->data);
if (!genname->data) {
return SECFailure;
}
if (genname->len != 8) {
@ -1586,15 +1577,15 @@ static bool CERT_MatchesScopeOfUse(CERTCertificate* cert, char* hostname,
bool rv = true; /* whether the cert can be presented */
SECStatus srv;
SECItem extData;
PLArenaPool* arena = NULL;
CERTCertificateScopeEntry** entries = NULL;
PLArenaPool* arena = nullptr;
CERTCertificateScopeEntry** entries = nullptr;
/* arrays of decoded scope entries */
int numEntries = 0;
int i;
char* hostLower = NULL;
char* hostLower = nullptr;
uint32_t hostIPAddr = 0;
PR_ASSERT((cert != NULL) && (hostname != NULL) && (hostIP != NULL));
PR_ASSERT(cert && hostname && hostIP);
/* find cert extension */
srv = CERT_FindCertExtension(cert, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
@ -1608,7 +1599,7 @@ static bool CERT_MatchesScopeOfUse(CERTCertificate* cert, char* hostname,
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
if (!arena) {
goto done;
}
@ -1633,8 +1624,8 @@ static bool CERT_MatchesScopeOfUse(CERTCertificate* cert, char* hostname,
*/
CERTGeneralName* genname = entries[i]->constraint;
/* if constraint is NULL, don't bother looking */
if (genname == NULL) {
/* if constraint is nullptr, don't bother looking */
if (!genname) {
/* this is not a failure: just continue */
continue;
}
@ -1644,20 +1635,20 @@ static bool CERT_MatchesScopeOfUse(CERTCertificate* cert, char* hostname,
/* we have a DNS name constraint; we should use only the host name
* information
*/
char* pattern = NULL;
char* substring = NULL;
char* pattern = nullptr;
char* substring = nullptr;
/* null-terminate the string */
genname->name.other.data[genname->name.other.len] = '\0';
pattern = _str_to_lower((char*)genname->name.other.data);
if (hostLower == NULL) {
if (!hostLower) {
/* so that it's done only if necessary and only once */
hostLower = _str_to_lower(PL_strdup(hostname));
}
/* the hostname satisfies the constraint */
if (((substring = strstr(hostLower, pattern)) != NULL) &&
if (((substring = strstr(hostLower, pattern)) != nullptr) &&
/* the hostname contains the pattern */
(strlen(substring) == strlen(pattern)) &&
/* the hostname ends with the pattern */
@ -1719,10 +1710,10 @@ static bool CERT_MatchesScopeOfUse(CERTCertificate* cert, char* hostname,
}
done:
/* clean up entries */
if (arena != NULL) {
if (arena) {
PORT_FreeArena(arena, false);
}
if (hostLower != NULL) {
if (hostLower) {
PR_Free(hostLower);
}
return rv;
@ -1747,7 +1738,7 @@ done:
*/
nsresult nsGetUserCertChoice(SSM_UserCertChoice* certChoice)
{
char *mode=NULL;
char *mode = nullptr;
nsresult ret;
NS_ENSURE_ARG_POINTER(certChoice);
@ -1786,7 +1777,7 @@ static bool hasExplicitKeyUsageNonRepudiation(CERTCertificate *cert)
SECStatus srv;
SECItem keyUsageItem;
keyUsageItem.data = NULL;
keyUsageItem.data = nullptr;
srv = CERT_FindKeyUsageExtension(cert, &keyUsageItem);
if (srv == SECFailure)
@ -1855,8 +1846,8 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
return SECFailure;
}
nsRefPtr<nsNSSSocketInfo> info
= reinterpret_cast<nsNSSSocketInfo*>(socket->higher->secret);
RefPtr<nsNSSSocketInfo> info(
reinterpret_cast<nsNSSSocketInfo*>(socket->higher->secret));
CERTCertificate* serverCert = SSL_PeerCertificate(socket);
if (!serverCert) {
@ -1879,8 +1870,8 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
}
// XXX: This should be done asynchronously; see bug 696976
nsRefPtr<ClientAuthDataRunnable> runnable =
new ClientAuthDataRunnable(caNames, pRetCert, pRetKey, info, serverCert);
RefPtr<ClientAuthDataRunnable> runnable(
new ClientAuthDataRunnable(caNames, pRetCert, pRetKey, info, serverCert));
nsresult rv = runnable->DispatchToMainThreadAndWait();
if (NS_FAILED(rv)) {
PR_SetError(SEC_ERROR_NO_MEMORY, 0);
@ -1899,14 +1890,14 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
void ClientAuthDataRunnable::RunOnTargetThread()
{
PLArenaPool* arena = NULL;
PLArenaPool* arena = nullptr;
char** caNameStrings;
CERTCertificate* cert = NULL;
SECKEYPrivateKey* privKey = NULL;
CERTCertList* certList = NULL;
CERTCertificate* cert = nullptr;
SECKEYPrivateKey* privKey = nullptr;
CERTCertList* certList = nullptr;
CERTCertListNode* node;
CERTCertNicknames* nicknames = NULL;
char* extracted = NULL;
CERTCertNicknames* nicknames = nullptr;
char* extracted = nullptr;
int keyError = 0; /* used for private key retrieval error */
SSM_UserCertChoice certChoice;
int32_t NumberOfCerts = 0;
@ -1914,13 +1905,13 @@ void ClientAuthDataRunnable::RunOnTargetThread()
/* create caNameStrings */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
if (!arena) {
goto loser;
}
caNameStrings = (char**)PORT_ArenaAlloc(arena,
sizeof(char*)*(mCANames->nnames));
if (caNameStrings == NULL) {
if (!caNameStrings) {
goto loser;
}
@ -1942,7 +1933,7 @@ void ClientAuthDataRunnable::RunOnTargetThread()
certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
certUsageSSLClient, false,
true, wincx);
if (certList == NULL) {
if (!certList) {
goto noCert;
}
@ -1959,7 +1950,7 @@ void ClientAuthDataRunnable::RunOnTargetThread()
goto noCert;
}
CERTCertificate* low_prio_nonrep_cert = NULL;
CERTCertificate* low_prio_nonrep_cert = nullptr;
CERTCertificateCleaner low_prio_cleaner(low_prio_nonrep_cert);
/* loop through the list until we find a cert with a key */
@ -1976,10 +1967,10 @@ void ClientAuthDataRunnable::RunOnTargetThread()
#endif
privKey = PK11_FindKeyByAnyCert(node->cert, wincx);
if (privKey != NULL) {
if (privKey) {
if (hasExplicitKeyUsageNonRepudiation(node->cert)) {
SECKEY_DestroyPrivateKey(privKey);
privKey = NULL;
privKey = nullptr;
// Not a prefered cert
if (!low_prio_nonrep_cert) // did not yet find a low prio cert
low_prio_nonrep_cert = CERT_DupCertificate(node->cert);
@ -2001,11 +1992,11 @@ void ClientAuthDataRunnable::RunOnTargetThread()
if (!cert && low_prio_nonrep_cert) {
cert = low_prio_nonrep_cert;
low_prio_nonrep_cert = NULL; // take it away from the cleaner
low_prio_nonrep_cert = nullptr; // take it away from the cleaner
privKey = PK11_FindKeyByAnyCert(cert, wincx);
}
if (cert == NULL) {
if (!cert) {
goto noCert;
}
}
@ -2018,9 +2009,9 @@ void ClientAuthDataRunnable::RunOnTargetThread()
nsresult rv;
NS_DEFINE_CID(nssComponentCID, NS_NSSCOMPONENT_CID);
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(nssComponentCID, &rv));
nsRefPtr<nsClientAuthRememberService> cars;
RefPtr<nsClientAuthRememberService> cars;
if (nssComponent) {
nssComponent->GetClientAuthRememberService(getter_AddRefs(cars));
nssComponent->GetClientAuthRememberService(byRef(cars));
}
bool hasRemembered = false;
@ -2080,17 +2071,17 @@ if (hasRemembered)
if (!hasRemembered)
{
/* user selects a cert to present */
nsIClientAuthDialogs *dialogs = NULL;
nsIClientAuthDialogs *dialogs = nullptr;
int32_t selectedIndex = -1;
PRUnichar **certNicknameList = NULL;
PRUnichar **certDetailsList = NULL;
PRUnichar **certNicknameList = nullptr;
PRUnichar **certDetailsList = nullptr;
/* find all user certs that are for SSL */
/* note that we are allowing expired certs in this list */
certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
certUsageSSLClient, false,
false, wincx);
if (certList == NULL) {
if (!certList) {
goto noCert;
}
@ -2134,7 +2125,7 @@ if (!hasRemembered)
nicknames = getNSSCertNicknamesFromCertList(certList);
if (nicknames == NULL) {
if (!nicknames) {
goto loser;
}
@ -2186,7 +2177,7 @@ if (!hasRemembered)
node = CERT_LIST_NEXT(node)
)
{
nsRefPtr<nsNSSCertificate> tempCert = nsNSSCertificate::Create(node->cert);
RefPtr<nsNSSCertificate> tempCert(nsNSSCertificate::Create(node->cert));
if (!tempCert)
continue;
@ -2263,13 +2254,13 @@ if (!hasRemembered)
if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
if (cert == NULL) {
if (!cert) {
goto loser;
}
/* go get the private key */
privKey = PK11_FindKeyByAnyCert(cert, wincx);
if (privKey == NULL) {
if (!privKey) {
keyError = PR_GetError();
if (keyError == SEC_ERROR_BAD_PASSWORD) {
/* problem with password: bail */
@ -2287,23 +2278,23 @@ loser:
if (mRV == SECSuccess) {
mRV = SECFailure;
}
if (cert != NULL) {
if (cert) {
CERT_DestroyCertificate(cert);
cert = NULL;
cert = nullptr;
}
done:
int error = PR_GetError();
if (extracted != NULL) {
if (extracted) {
PR_Free(extracted);
}
if (nicknames != NULL) {
if (nicknames) {
CERT_FreeNicknames(nicknames);
}
if (certList != NULL) {
if (certList) {
CERT_DestroyCertList(certList);
}
if (arena != NULL) {
if (arena) {
PORT_FreeArena(arena, false);
}
@ -2332,7 +2323,7 @@ nsSSLIOLayerImportFD(PRFileDesc *fd,
// Disable this hook if we connect anonymously. See bug 466080.
if (anonymousLoad) {
SSL_GetClientAuthDataHook(sslSock, NULL, infoObject);
SSL_GetClientAuthDataHook(sslSock, nullptr, infoObject);
} else {
SSL_GetClientAuthDataHook(sslSock,
(SSLGetClientAuthData)nsNSS_SSLGetClientAuthData,

1
security/manager/ssl/src/nsNSSIOLayer.h
View File

@ -10,7 +10,6 @@
#include "TransportSecurityInfo.h"
#include "nsISSLSocketControl.h"
#include "nsIClientAuthDialogs.h"
#include "nsAutoPtr.h"
#include "nsNSSCertificate.h"
#include "nsDataHashtable.h"
#include "nsTHashtable.h"

94
security/manager/ssl/src/nsNSSModule.cpp
View File

@ -52,12 +52,6 @@
PR_BEGIN_MACRO \
_InstanceClass * inst; \
inst = new _InstanceClass(); \
if (NULL == inst) { \
if (ensureOperator == nssLoadingComponent) \
EnsureNSSInitialized(nssInitFailed); \
rv = NS_ERROR_OUT_OF_MEMORY; \
return rv; \
} \
NS_ADDREF(inst); \
rv = inst->QueryInterface(aIID, aResult); \
NS_RELEASE(inst); \
@ -67,12 +61,6 @@
PR_BEGIN_MACRO \
_InstanceClass * inst; \
inst = new _InstanceClass(); \
if (NULL == inst) { \
if (ensureOperator == nssLoadingComponent) \
EnsureNSSInitialized(nssInitFailed); \
rv = NS_ERROR_OUT_OF_MEMORY; \
return rv; \
} \
NS_ADDREF(inst); \
rv = inst->_InitMethod(); \
if(NS_SUCCEEDED(rv)) { \
@ -99,8 +87,8 @@ _InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID, \
{ \
nsresult rv; \
\
*aResult = NULL; \
if (NULL != aOuter) { \
*aResult = nullptr; \
if (nullptr != aOuter) { \
rv = NS_ERROR_NO_AGGREGATION; \
return rv; \
} \
@ -143,8 +131,8 @@ _InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID, \
{ \
nsresult rv; \
\
*aResult = NULL; \
if (NULL != aOuter) { \
*aResult = nullptr; \
if (nullptr != aOuter) { \
rv = NS_ERROR_NO_AGGREGATION; \
return rv; \
} \
@ -262,43 +250,43 @@ NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID);
NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID);
static const mozilla::Module::CIDEntry kNSSCIDs[] = {
{ &kNS_NSSCOMPONENT_CID, false, NULL, nsNSSComponentConstructor },
{ &kNS_SSLSOCKETPROVIDER_CID, false, NULL, nsSSLSocketProviderConstructor },
{ &kNS_STARTTLSSOCKETPROVIDER_CID, false, NULL, nsTLSSocketProviderConstructor },
{ &kNS_SDR_CID, false, NULL, nsSecretDecoderRingConstructor },
{ &kNS_PK11TOKENDB_CID, false, NULL, nsPK11TokenDBConstructor },
{ &kNS_PKCS11MODULEDB_CID, false, NULL, nsPKCS11ModuleDBConstructor },
{ &kNS_PSMCONTENTLISTEN_CID, false, NULL, PSMContentListenerConstructor },
{ &kNS_X509CERT_CID, false, NULL, nsNSSCertificateConstructor },
{ &kNS_X509CERTDB_CID, false, NULL, nsNSSCertificateDBConstructor },
{ &kNS_NSSCERTCACHE_CID, false, NULL, nsNSSCertCacheConstructor },
{ &kNS_FORMPROCESSOR_CID, false, NULL, nsKeygenFormProcessor::Create },
{ &kNS_NSSCOMPONENT_CID, false, nullptr, nsNSSComponentConstructor },
{ &kNS_SSLSOCKETPROVIDER_CID, false, nullptr, nsSSLSocketProviderConstructor },
{ &kNS_STARTTLSSOCKETPROVIDER_CID, false, nullptr, nsTLSSocketProviderConstructor },
{ &kNS_SDR_CID, false, nullptr, nsSecretDecoderRingConstructor },
{ &kNS_PK11TOKENDB_CID, false, nullptr, nsPK11TokenDBConstructor },
{ &kNS_PKCS11MODULEDB_CID, false, nullptr, nsPKCS11ModuleDBConstructor },
{ &kNS_PSMCONTENTLISTEN_CID, false, nullptr, PSMContentListenerConstructor },
{ &kNS_X509CERT_CID, false, nullptr, nsNSSCertificateConstructor },
{ &kNS_X509CERTDB_CID, false, nullptr, nsNSSCertificateDBConstructor },
{ &kNS_NSSCERTCACHE_CID, false, nullptr, nsNSSCertCacheConstructor },
{ &kNS_FORMPROCESSOR_CID, false, nullptr, nsKeygenFormProcessor::Create },
#ifdef MOZ_XUL
{ &kNS_CERTTREE_CID, false, NULL, nsCertTreeConstructor },
{ &kNS_CERTTREE_CID, false, nullptr, nsCertTreeConstructor },
#endif
{ &kNS_PKCS11_CID, false, NULL, nsPkcs11Constructor },
{ &kNS_CRYPTO_CID, false, NULL, nsCryptoConstructor },
{ &kNS_CMSSECUREMESSAGE_CID, false, NULL, nsCMSSecureMessageConstructor },
{ &kNS_CMSDECODER_CID, false, NULL, nsCMSDecoderConstructor },
{ &kNS_CMSENCODER_CID, false, NULL, nsCMSEncoderConstructor },
{ &kNS_CMSMESSAGE_CID, false, NULL, nsCMSMessageConstructor },
{ &kNS_CRYPTO_HASH_CID, false, NULL, nsCryptoHashConstructor },
{ &kNS_CRYPTO_HMAC_CID, false, NULL, nsCryptoHMACConstructor },
{ &kNS_CERT_PICKER_CID, false, NULL, nsCertPickerConstructor },
{ &kNS_CRLMANAGER_CID, false, NULL, nsCRLManagerConstructor },
{ &kNS_NTLMAUTHMODULE_CID, false, NULL, nsNTLMAuthModuleConstructor },
{ &kNS_STREAMCIPHER_CID, false, NULL, nsStreamCipherConstructor },
{ &kNS_KEYMODULEOBJECT_CID, false, NULL, nsKeyObjectConstructor },
{ &kNS_KEYMODULEOBJECTFACTORY_CID, false, NULL, nsKeyObjectFactoryConstructor },
{ &kNS_DATASIGNATUREVERIFIER_CID, false, NULL, nsDataSignatureVerifierConstructor },
{ &kNS_CERTOVERRIDE_CID, false, NULL, nsCertOverrideServiceConstructor },
{ &kNS_RANDOMGENERATOR_CID, false, NULL, nsRandomGeneratorConstructor },
{ &kNS_RECENTBADCERTS_CID, false, NULL, nsRecentBadCertsServiceConstructor },
{ &kNS_SSLSTATUS_CID, false, NULL, nsSSLStatusConstructor },
{ &kTRANSPORTSECURITYINFO_CID, false, NULL, TransportSecurityInfoConstructor },
{ &kNS_NSSERRORSSERVICE_CID, false, NULL, NSSErrorsServiceConstructor },
{ &kNS_NSSVERSION_CID, false, NULL, nsNSSVersionConstructor },
{ NULL }
{ &kNS_PKCS11_CID, false, nullptr, nsPkcs11Constructor },
{ &kNS_CRYPTO_CID, false, nullptr, nsCryptoConstructor },
{ &kNS_CMSSECUREMESSAGE_CID, false, nullptr, nsCMSSecureMessageConstructor },
{ &kNS_CMSDECODER_CID, false, nullptr, nsCMSDecoderConstructor },
{ &kNS_CMSENCODER_CID, false, nullptr, nsCMSEncoderConstructor },
{ &kNS_CMSMESSAGE_CID, false, nullptr, nsCMSMessageConstructor },
{ &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor },
{ &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor },
{ &kNS_CERT_PICKER_CID, false, nullptr, nsCertPickerConstructor },
{ &kNS_CRLMANAGER_CID, false, nullptr, nsCRLManagerConstructor },
{ &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor },
{ &kNS_STREAMCIPHER_CID, false, nullptr, nsStreamCipherConstructor },
{ &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor },
{ &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, nsKeyObjectFactoryConstructor },
{ &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr, nsDataSignatureVerifierConstructor },
{ &kNS_CERTOVERRIDE_CID, false, nullptr, nsCertOverrideServiceConstructor },
{ &kNS_RANDOMGENERATOR_CID, false, nullptr, nsRandomGeneratorConstructor },
{ &kNS_RECENTBADCERTS_CID, false, nullptr, nsRecentBadCertsServiceConstructor },
{ &kNS_SSLSTATUS_CID, false, nullptr, nsSSLStatusConstructor },
{ &kTRANSPORTSECURITYINFO_CID, false, nullptr, TransportSecurityInfoConstructor },
{ &kNS_NSSERRORSSERVICE_CID, false, nullptr, NSSErrorsServiceConstructor },
{ &kNS_NSSVERSION_CID, false, nullptr, nsNSSVersionConstructor },
{ nullptr }
};
static const mozilla::Module::ContractIDEntry kNSSContracts[] = {
@ -337,7 +325,7 @@ static const mozilla::Module::ContractIDEntry kNSSContracts[] = {
{ NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },
{ NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID },
{ NS_RECENTBADCERTS_CONTRACTID, &kNS_RECENTBADCERTS_CID },
{ NULL }
{ nullptr }
};
static const mozilla::Module::CategoryEntry kNSSCategories[] = {
@ -348,7 +336,7 @@ static const mozilla::Module::CategoryEntry kNSSCategories[] = {
{ NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-pkcs7-crl", "@mozilla.org/uriloader/psm-external-content-listener;1" },
{ NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-crl", "@mozilla.org/uriloader/psm-external-content-listener;1" },
{ NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/pkix-crl", "@mozilla.org/uriloader/psm-external-content-listener;1" },
{ NULL }
{ nullptr }
};
static const mozilla::Module kNSSModule = {

2
security/manager/ssl/src/nsNSSShutDown.h
View File

@ -76,7 +76,7 @@ private:
bool mIsUIForbidden;
// nullptr means "no restriction"
// if != nullptr, activity is only allowed on that thread
// if not null, activity is only allowed on that thread
PRThread* mNSSRestrictedThread;
};

4
security/manager/ssl/src/nsNTLMAuthModule.cpp
View File

@ -223,7 +223,7 @@ static void LogToken(const char *name, const void *token, uint32_t tokenLen)
if (!LOG_ENABLED())
return;
char *b64data = PL_Base64Encode((const char *) token, tokenLen, NULL);
char *b64data = PL_Base64Encode((const char *) token, tokenLen, nullptr);
if (b64data)
{
PR_LogPrint("%s: %s\n", name, b64data);
@ -528,7 +528,7 @@ ParseType2Msg(const void *inBuf, uint32_t inLen, Type2Msg *msg)
{
// Do not error out, for (conservative) backward compatibility.
msg->targetLen = 0;
msg->target = NULL;
msg->target = nullptr;
}
// read flags

13
security/manager/ssl/src/nsPK11TokenDB.cpp
View File

@ -374,8 +374,8 @@ NS_IMETHODIMP nsPK11Token::ChangePassword(const PRUnichar *oldPassword, const PR
NS_ConvertUTF16toUTF8 aUtf8NewPassword(newPassword);
rv = PK11_ChangePW(mSlot,
(oldPassword != NULL ? const_cast<char *>(aUtf8OldPassword.get()) : NULL),
(newPassword != NULL ? const_cast<char *>(aUtf8NewPassword.get()) : NULL));
(oldPassword ? const_cast<char *>(aUtf8OldPassword.get()) : nullptr),
(newPassword ? const_cast<char *>(aUtf8NewPassword.get()) : nullptr));
return (rv == SECSuccess) ? NS_OK : NS_ERROR_FAILURE;
}
@ -447,8 +447,6 @@ NS_IMETHODIMP nsPK11TokenDB::GetInternalKeyToken(nsIPK11Token **_retval)
if (!slot) { rv = NS_ERROR_FAILURE; goto done; }
token = new nsPK11Token(slot);
if (!token) { rv = NS_ERROR_OUT_OF_MEMORY; goto done; }
*_retval = token;
NS_ADDREF(*_retval);
@ -469,8 +467,6 @@ FindTokenByName(const PRUnichar* tokenName, nsIPK11Token **_retval)
if (!slot) { rv = NS_ERROR_FAILURE; goto done; }
*_retval = new nsPK11Token(slot);
if (!*_retval) { rv = NS_ERROR_OUT_OF_MEMORY; goto done; }
NS_ADDREF(*_retval);
done:
@ -498,10 +494,7 @@ NS_IMETHODIMP nsPK11TokenDB::ListTokens(nsIEnumerator* *_retval)
for (le = PK11_GetFirstSafe(list); le; le = PK11_GetNextSafe(list, le, false)) {
nsCOMPtr<nsIPK11Token> token = new nsPK11Token(le->slot);
rv = token
? array->AppendElement(token)
: NS_ERROR_OUT_OF_MEMORY;
rv = array->AppendElement(token);
if (NS_FAILED(rv)) {
PK11_FreeSlotListElement(list, le);
rv = NS_ERROR_OUT_OF_MEMORY;

28
security/manager/ssl/src/nsPKCS11Slot.cpp
View File

@ -176,8 +176,6 @@ nsPKCS11Slot::GetToken(nsIPK11Token **_retval)
return NS_ERROR_NOT_AVAILABLE;
nsCOMPtr<nsIPK11Token> token = new nsPK11Token(mSlot);
if (!token)
return NS_ERROR_OUT_OF_MEMORY;
*_retval = token;
NS_ADDREF(*_retval);
return NS_OK;
@ -219,7 +217,7 @@ nsPKCS11Slot::GetStatus(uint32_t *_retval)
*_retval = SLOT_NOT_PRESENT;
else if (PK11_NeedLogin(mSlot) && PK11_NeedUserInit(mSlot))
*_retval = SLOT_UNINITIALIZED;
else if (PK11_NeedLogin(mSlot) && !PK11_IsLoggedIn(mSlot, NULL))
else if (PK11_NeedLogin(mSlot) && !PK11_IsLoggedIn(mSlot, nullptr))
*_retval = SLOT_NOT_LOGGED_IN;
else if (PK11_NeedLogin(mSlot))
*_retval = SLOT_LOGGED_IN;
@ -289,7 +287,7 @@ nsPKCS11Module::GetLibName(PRUnichar **aName)
if ( mModule->dllName ) {
*aName = ToNewUnicode(NS_ConvertUTF8toUTF16(mModule->dllName));
} else {
*aName = NULL;
*aName = nullptr;
}
return NS_OK;
}
@ -305,13 +303,13 @@ nsPKCS11Module::FindSlotByName(const PRUnichar *aName,
char *asciiname = ToNewUTF8String(nsDependentString(aName));
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));
PK11SlotInfo *slotinfo = NULL;
PK11SlotInfo *slotinfo = nullptr;
PK11SlotList *slotList = PK11_FindSlotsByNames(mModule->dllName,
asciiname /* slotName */, NULL /* token Name */, false);
asciiname /* slotName */, nullptr /* token Name */, false);
if (!slotList) {
/* name must be the token name */
slotList = PK11_FindSlotsByNames(mModule->dllName,
NULL /*slot Name */, asciiname /* token Name */, false);
nullptr /*slot Name */, asciiname /* token Name */, false);
}
if (slotList) {
/* should only be one */
@ -322,7 +320,7 @@ nsPKCS11Module::FindSlotByName(const PRUnichar *aName,
}
if (!slotinfo) {
// workaround - the builtin module has no name
if (asciiname == nullptr) {
if (!asciiname) {
return NS_ERROR_FAILURE;
} else if (nsCRT::strcmp(asciiname, "Root Certificates") == 0) {
slotinfo = PK11_ReferenceSlot(mModule->slots[0]);
@ -335,8 +333,6 @@ nsPKCS11Module::FindSlotByName(const PRUnichar *aName,
nsMemory::Free(asciiname);
nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(slotinfo);
PK11_FreeSlot(slotinfo);
if (!slot)
return NS_ERROR_OUT_OF_MEMORY;
*_retval = slot;
NS_ADDREF(*_retval);
return NS_OK;
@ -389,11 +385,9 @@ nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module **_retval)
{
nsNSSShutDownPreventionLock locker;
SECMODModule *nssMod =
SECMOD_CreateModule(NULL,SECMOD_INT_NAME, NULL,SECMOD_INT_FLAGS);
SECMOD_CreateModule(nullptr, SECMOD_INT_NAME, nullptr, SECMOD_INT_FLAGS);
nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(nssMod);
SECMOD_DestroyModule(nssMod);
if (!module)
return NS_ERROR_OUT_OF_MEMORY;
*_retval = module;
NS_ADDREF(*_retval);
return NS_OK;
@ -405,11 +399,9 @@ nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module **_retval)
{
nsNSSShutDownPreventionLock locker;
SECMODModule *nssMod =
SECMOD_CreateModule(NULL, SECMOD_FIPS_NAME, NULL, SECMOD_FIPS_FLAGS);
SECMOD_CreateModule(nullptr, SECMOD_FIPS_NAME, nullptr, SECMOD_FIPS_FLAGS);
nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(nssMod);
SECMOD_DestroyModule(nssMod);
if (!module)
return NS_ERROR_OUT_OF_MEMORY;
*_retval = module;
NS_ADDREF(*_retval);
return NS_OK;
@ -428,8 +420,6 @@ nsPKCS11ModuleDB::FindModuleByName(const PRUnichar *aName,
return NS_ERROR_FAILURE;
nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(mod);
SECMOD_DestroyModule(mod);
if (!module)
return NS_ERROR_OUT_OF_MEMORY;
*_retval = module;
NS_ADDREF(*_retval);
return NS_OK;
@ -451,8 +441,6 @@ nsPKCS11ModuleDB::FindSlotByName(const PRUnichar *aName,
return NS_ERROR_FAILURE;
nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(slotinfo);
PK11_FreeSlot(slotinfo);
if (!slot)
return NS_ERROR_OUT_OF_MEMORY;
*_retval = slot;
NS_ADDREF(*_retval);
return NS_OK;

36
security/manager/ssl/src/nsPKCS12Blob.cpp
View File

@ -102,7 +102,7 @@ nsPKCS12Blob::ImportFromFile(nsIFile *file)
if (!mToken) {
if (!mTokenSet) {
rv = SetToken(NULL); // Ask the user to pick a slot
rv = SetToken(nullptr); // Ask the user to pick a slot
if (NS_FAILED(rv)) {
handleError(PIP_PKCS12_USER_CANCELED);
return rv;
@ -142,12 +142,12 @@ nsPKCS12Blob::ImportFromFileHelper(nsIFile *file,
nsNSSShutDownPreventionLock locker;
nsresult rv;
SECStatus srv = SECSuccess;
SEC_PKCS12DecoderContext *dcx = NULL;
SEC_PKCS12DecoderContext *dcx = nullptr;
SECItem unicodePw;
PK11SlotInfo *slot=nullptr;
nsXPIDLString tokenName;
unicodePw.data = NULL;
unicodePw.data = nullptr;
aWantRetry = rr_do_not_retry;
@ -160,7 +160,7 @@ nsPKCS12Blob::ImportFromFileHelper(nsIFile *file,
// get file password (unicode)
rv = getPKCS12FilePassword(&unicodePw);
if (NS_FAILED(rv)) goto finish;
if (unicodePw.data == NULL) {
if (!unicodePw.data) {
handleError(PIP_PKCS12_USER_CANCELED);
return NS_OK;
}
@ -177,7 +177,7 @@ nsPKCS12Blob::ImportFromFileHelper(nsIFile *file,
}
// initialize the decoder
dcx = SEC_PKCS12DecoderStart(&unicodePw, slot, NULL,
dcx = SEC_PKCS12DecoderStart(&unicodePw, slot, nullptr,
digest_open, digest_close,
digest_read, digest_write,
this);
@ -260,7 +260,7 @@ nsPKCS12Blob::LoadCerts(const PRUnichar **certNames, int numCerts)
/* Add the certs */
for (int i=0; i<numCerts; i++) {
strcpy(namecpy, NS_ConvertUTF16toUTF8(certNames[i]));
CERTCertificate *nssCert = PK11_FindCertFromNickname(namecpy, NULL);
CERTCertificate *nssCert = PK11_FindCertFromNickname(namecpy, nullptr);
if (!nssCert) {
if (!handleError())
return NS_ERROR_FAILURE;
@ -290,7 +290,7 @@ isExtractable(SECKEYPrivateKey *privKey)
if (rv != SECSuccess) {
return false;
}
if ((value.len == 1) && (value.data != NULL)) {
if ((value.len == 1) && value.data) {
isExtractable = !!(*(CK_BBOOL*)value.data);
}
SECITEM_FreeItem(&value, false);
@ -314,8 +314,8 @@ nsPKCS12Blob::ExportToFile(nsIFile *file,
nsNSSShutDownPreventionLock locker;
nsresult rv;
SECStatus srv = SECSuccess;
SEC_PKCS12ExportContext *ecx = NULL;
SEC_PKCS12SafeInfo *certSafe = NULL, *keySafe = NULL;
SEC_PKCS12ExportContext *ecx = nullptr;
SEC_PKCS12SafeInfo *certSafe = nullptr, *keySafe = nullptr;
SECItem unicodePw;
nsAutoString filePath;
int i;
@ -329,16 +329,16 @@ nsPKCS12Blob::ExportToFile(nsIFile *file,
rv = mToken->Login(true);
if (NS_FAILED(rv)) goto finish;
// get file password (unicode)
unicodePw.data = NULL;
unicodePw.data = nullptr;
rv = newPKCS12FilePassword(&unicodePw);
if (NS_FAILED(rv)) goto finish;
if (unicodePw.data == NULL) {
if (!unicodePw.data) {
handleError(PIP_PKCS12_USER_CANCELED);
return NS_OK;
}
// what about slotToUse in psm 1.x ???
// create export context
ecx = SEC_PKCS12CreateExportContext(NULL, NULL, NULL /*slot*/, NULL);
ecx = SEC_PKCS12CreateExportContext(nullptr, nullptr, nullptr /*slot*/, nullptr);
if (!ecx) {
srv = SECFailure;
goto finish;
@ -393,7 +393,7 @@ nsPKCS12Blob::ExportToFile(nsIFile *file,
}
// XXX this is why, to verify the slot is the same
// PK11_FindObjectForCert(nssCert, NULL, slot);
// PK11_FindObjectForCert(nssCert, nullptr, slot);
// create the cert and key safes
keySafe = SEC_PKCS12CreateUnencryptedSafe(ecx);
if (!SEC_PKCS12IsEncryptionAllowed() || PK11_IsFIPS()) {
@ -407,9 +407,9 @@ nsPKCS12Blob::ExportToFile(nsIFile *file,
goto finish;
}
// add the cert and key to the blob
srv = SEC_PKCS12AddCertAndKey(ecx, certSafe, NULL, nssCert,
srv = SEC_PKCS12AddCertAndKey(ecx, certSafe, nullptr, nssCert,
CERT_GetDefaultCertDB(), // XXX
keySafe, NULL, true, &unicodePw,
keySafe, nullptr, true, &unicodePw,
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC);
if (srv) goto finish;
// cert was dup'ed, so release it
@ -419,7 +419,7 @@ nsPKCS12Blob::ExportToFile(nsIFile *file,
if (!numCertsExported) goto finish;
// prepare the instance to write to an export file
this->mTmpFile = NULL;
this->mTmpFile = nullptr;
file->GetPath(filePath);
// Use the nsCOMPtr var localFileRef so that
// the reference to the nsIFile we create gets released as soon as
@ -449,7 +449,7 @@ finish:
SEC_PKCS12DestroyExportContext(ecx);
if (this->mTmpFile) {
PR_Close(this->mTmpFile);
this->mTmpFile = NULL;
this->mTmpFile = nullptr;
}
SECITEM_ZfreeItem(&unicodePw, false);
return rv;
@ -471,7 +471,7 @@ nsPKCS12Blob::unicodeToItem(const PRUnichar *uni, SECItem *item)
{
int len = 0;
while (uni[len++] != 0);
SECITEM_AllocItem(NULL, item, sizeof(PRUnichar) * len);
SECITEM_AllocItem(nullptr, item, sizeof(PRUnichar) * len);
#ifdef IS_LITTLE_ENDIAN
int i = 0;
for (i=0; i<len; i++) {

2
security/manager/ssl/src/nsPKCS12Blob.h
View File

@ -15,10 +15,8 @@
#include "nss.h"
extern "C" {
#include "pkcs12.h"
#include "p12plcy.h"
}
class nsIX509Cert;

6
security/manager/ssl/src/nsProtectedAuthThread.cpp
View File

@ -3,8 +3,8 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "pk11func.h"
#include "mozilla/RefPtr.h"
#include "nsCOMPtr.h"
#include "nsAutoPtr.h"
#include "PSMRunnable.h"
#include "nsString.h"
#include "nsReadableUtils.h"
@ -84,13 +84,11 @@ NS_IMETHODIMP nsProtectedAuthThread::GetTokenName(nsAString &_retval)
NS_IMETHODIMP nsProtectedAuthThread::GetSlot(nsIPKCS11Slot **_retval)
{
nsRefPtr<nsPKCS11Slot> slot;
RefPtr<nsPKCS11Slot> slot;
{
MutexAutoLock lock(mMutex);
slot = new nsPKCS11Slot(mSlot);
}
if (!slot)
return NS_ERROR_OUT_OF_MEMORY;
return CallQueryInterface (slot.get(), _retval);
}

7
security/manager/ssl/src/nsRecentBadCerts.cpp
View File

@ -6,14 +6,13 @@
#include "nsRecentBadCerts.h"
#include "nsIX509Cert.h"
#include "mozilla/RefPtr.h"
#include "nsSSLStatus.h"
#include "nsCOMPtr.h"
#include "nsAutoPtr.h"
#include "nsNSSCertificate.h"
#include "nsCRT.h"
#include "nsPromiseFlatString.h"
#include "nsStringBuffer.h"
#include "nsAutoPtr.h"
#include "nspr.h"
#include "pk11pub.h"
#include "certdb.h"
@ -53,9 +52,7 @@ nsRecentBadCertsService::GetRecentBadCert(const nsAString & aHostNameWithPort,
return NS_ERROR_INVALID_ARG;
*aStatus = nullptr;
nsRefPtr<nsSSLStatus> status = new nsSSLStatus();
if (!status)
return NS_ERROR_OUT_OF_MEMORY;
RefPtr<nsSSLStatus> status(new nsSSLStatus());
SECItem foundDER;
foundDER.len = 0;

10
security/manager/ssl/src/nsSDR.cpp
View File

@ -58,7 +58,6 @@ Encrypt(unsigned char * data, int32_t dataLen, unsigned char * *result, int32_t
SECItem reply;
SECStatus s;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
if (!ctx) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
slot = PK11_GetInternalKeySlot();
if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
@ -101,7 +100,6 @@ Decrypt(unsigned char * data, int32_t dataLen, unsigned char * *result, int32_t
SECItem request;
SECItem reply;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
if (!ctx) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
*result = 0;
*_retval = 0;
@ -140,7 +138,7 @@ EncryptString(const char *text, char **_retval)
unsigned char *encrypted = 0;
int32_t eLen;
if (text == nullptr || _retval == nullptr) {
if (!text || !_retval) {
rv = NS_ERROR_INVALID_POINTER;
goto loser;
}
@ -168,7 +166,7 @@ DecryptString(const char *crypt, char **_retval)
unsigned char *decrypted = 0;
int32_t decryptedLen;
if (crypt == nullptr || _retval == nullptr) {
if (!crypt || !_retval) {
rv = NS_ERROR_INVALID_POINTER;
goto loser;
}
@ -297,7 +295,7 @@ encode(const unsigned char *data, int32_t dataLen, char **_retval)
{
nsresult rv = NS_OK;
char *result = PL_Base64Encode((const char *)data, dataLen, NULL);
char *result = PL_Base64Encode((const char *)data, dataLen, nullptr);
if (!result) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
*_retval = NS_strdup(result);
@ -321,7 +319,7 @@ decode(const char *data, unsigned char **result, int32_t * _retval)
if (data[len-2] == '=') adjust++;
}
*result = (unsigned char *)PL_Base64Decode(data, len, NULL);
*result = (unsigned char *)PL_Base64Decode(data, len, nullptr);
if (!*result) { rv = NS_ERROR_ILLEGAL_VALUE; goto loser; }
*_retval = (len*3)/4 - adjust;

3
security/manager/ssl/src/nsSSLStatus.h
View File

@ -8,8 +8,7 @@
#define _NSSSLSTATUS_H
#include "nsISSLStatus.h"
#include "nsAutoPtr.h"
#include "nsCOMPtr.h"
#include "nsXPIDLString.h"
#include "nsIX509Cert.h"
#include "nsISerializable.h"

9
security/manager/ssl/src/nsSmartCardMonitor.cpp
View File

@ -89,11 +89,8 @@ SmartCardThreadList::Add(SmartCardMonitoringThread *thread)
{
SmartCardThreadEntry *current = new SmartCardThreadEntry(thread, head, nullptr,
&head);
if (current) {
// OK to forget current here, it's on the list
return thread->Start();
}
return NS_ERROR_OUT_OF_MEMORY;
// OK to forget current here, it's on the list
return thread->Start();
}
@ -275,7 +272,7 @@ void SmartCardMonitoringThread::Execute()
// loop starts..
do {
slot = SECMOD_WaitForAnyTokenEvent(mModule, 0, PR_SecondsToInterval(1) );
if (slot == nullptr) {
if (!slot) {
break;
}

13
security/manager/ssl/src/nsStreamCipher.cpp
View File

@ -10,7 +10,7 @@
NS_IMPL_ISUPPORTS1(nsStreamCipher, nsIStreamCipher)
nsStreamCipher::nsStreamCipher()
: mContext(NULL)
: mContext(nullptr)
{
}
@ -89,8 +89,6 @@ NS_IMETHODIMP nsStreamCipher::Update(const uint8_t *aData, uint32_t aLen)
return NS_ERROR_NOT_INITIALIZED;
unsigned char* output = new unsigned char[aLen];
if (!output)
return NS_ERROR_OUT_OF_MEMORY;
unsigned char* input = (unsigned char*)aData;
int32_t setLen;
@ -132,8 +130,6 @@ NS_IMETHODIMP nsStreamCipher::UpdateFromString(const nsACString& aInput)
uint32_t len = aInput.Length();
unsigned char* output = new unsigned char[len];
if (!output)
return NS_ERROR_OUT_OF_MEMORY;
int32_t setLen;
@ -173,14 +169,7 @@ NS_IMETHODIMP nsStreamCipher::Discard(int32_t aLen)
return NS_ERROR_NOT_INITIALIZED;
unsigned char* output = new unsigned char[aLen];
if (!output)
return NS_ERROR_OUT_OF_MEMORY;
unsigned char* input = new unsigned char[aLen];
if (!input) {
delete [] output;
return NS_ERROR_OUT_OF_MEMORY;
}
int32_t setLen;

10
security/manager/ssl/src/nsUsageArrayHelper.cpp
View File

@ -14,9 +14,9 @@
#include "nspr.h"
#include "nsNSSCertHeader.h"
extern "C" {
#include "secerr.h"
}
using namespace mozilla;
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
@ -166,7 +166,7 @@ if (!nsNSSComponent::globalConstFlagUsePKIXVerification) {
certificateUsageObjectSigner |
certificateUsageSSLCA |
certificateUsageStatusResponder,
NULL, &usages);
nullptr, &usages);
err = PR_GetError();
}
else {
@ -174,7 +174,7 @@ else {
nsCOMPtr<nsINSSComponent> inss = do_GetService(kNSSComponentCID, &nsrv);
if (!inss)
return nsrv;
nsRefPtr<nsCERTValInParamWrapper> survivingParams;
RefPtr<nsCERTValInParamWrapper> survivingParams;
if (localOnly)
nsrv = inss->GetDefaultCERTValInParamLocalOnly(survivingParams);
else
@ -190,7 +190,7 @@ else {
CERT_PKIXVerifyCert(mCert, certificateUsageCheckAllUsages,
survivingParams->GetRawPointerForNSS(),
cvout, NULL);
cvout, nullptr);
err = PR_GetError();
usages = cvout[0].value.scalar.usages;
}