Bug 1271501 - Downgrade unnecessarily strong reinterpret_casts in PSM. r=keeler
authorCykesiopka <cykesiopka.bmo@gmail.com>
Wed, 18 May 2016 18:58:41 -0700
changeset 298093 4525aaa132ff6f642c9a4aaf8f0bb0ac6e5aa2d9
parent 298092 7503f7ee2446da1a859b8465d73a403289b93223
child 298094 1ef294cb3b47138416d559cb2f36f35dc0de7151
push id77035
push userryanvm@gmail.com
push dateThu, 19 May 2016 13:52:35 +0000
treeherdermozilla-inbound@fb8ee867138d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1271501
milestone49.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1271501 - Downgrade unnecessarily strong reinterpret_casts in PSM. r=keeler These reinterpret_casts can be static_casts or const_casts instead. MozReview-Commit-ID: 1KQDWHO9CGS
security/apps/AppSignatureVerification.cpp
security/manager/ssl/CertBlocklist.cpp
security/manager/ssl/PublicKeyPinningService.cpp
security/manager/ssl/RootCertificateTelemetryUtils.cpp
security/manager/ssl/nsCertTree.cpp
security/manager/ssl/nsDataSignatureVerifier.cpp
security/manager/ssl/nsNTLMAuthModule.cpp
security/manager/ssl/nsPKCS12Blob.cpp
security/manager/ssl/nsRandomGenerator.cpp
security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
--- a/security/apps/AppSignatureVerification.cpp
+++ b/security/apps/AppSignatureVerification.cpp
@@ -628,17 +628,17 @@ struct VerifyCertificateContext {
 nsresult
 VerifyCertificate(CERTCertificate* signerCert, void* voidContext, void* pinArg)
 {
   // TODO: null pinArg is tolerated.
   if (NS_WARN_IF(!signerCert) || NS_WARN_IF(!voidContext)) {
     return NS_ERROR_INVALID_ARG;
   }
   const VerifyCertificateContext& context =
-    *reinterpret_cast<const VerifyCertificateContext*>(voidContext);
+    *static_cast<const VerifyCertificateContext*>(voidContext);
 
   AppTrustDomain trustDomain(context.builtChain, pinArg);
   if (trustDomain.SetTrustedRoot(context.trustedRoot) != SECSuccess) {
     return MapSECStatus(SECFailure);
   }
   Input certDER;
   Result rv = certDER.Init(signerCert->derCert.data, signerCert->derCert.len);
   if (rv != Success) {
--- a/security/manager/ssl/CertBlocklist.cpp
+++ b/security/manager/ssl/CertBlocklist.cpp
@@ -644,17 +644,17 @@ CertBlocklist::IsBlocklistFresh(bool* _r
 }
 
 
 /* static */
 void
 CertBlocklist::PreferenceChanged(const char* aPref, void* aClosure)
 
 {
-  CertBlocklist* blocklist = reinterpret_cast<CertBlocklist*>(aClosure);
+  auto blocklist = static_cast<CertBlocklist*>(aClosure);
   MutexAutoLock lock(blocklist->mMutex);
 
   MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
          ("CertBlocklist::PreferenceChanged %s changed", aPref));
   if (strcmp(aPref, PREF_BACKGROUND_UPDATE_TIMER) == 0) {
     sLastBlocklistUpdate = Preferences::GetUint(PREF_BACKGROUND_UPDATE_TIMER,
                                                 uint32_t(0));
   } else if (strcmp(aPref, PREF_KINTO_ONECRL_CHECKED) == 0) {
--- a/security/manager/ssl/PublicKeyPinningService.cpp
+++ b/security/manager/ssl/PublicKeyPinningService.cpp
@@ -130,20 +130,19 @@ EvalChain(const UniqueCERTCertList& cert
   MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, ("pkpin: no matches found\n"));
   return NS_OK;
 }
 
 /**
   Comparator for the is public key pinned host.
 */
 static int
-TransportSecurityPreloadCompare(const void *key, const void *entry) {
-  const char *keyStr = reinterpret_cast<const char *>(key);
-  const TransportSecurityPreload *preloadEntry =
-    reinterpret_cast<const TransportSecurityPreload *>(entry);
+TransportSecurityPreloadCompare(const void* key, const void* entry) {
+  auto keyStr = static_cast<const char*>(key);
+  auto preloadEntry = static_cast<const TransportSecurityPreload*>(entry);
 
   return strcmp(keyStr, preloadEntry->mHost);
 }
 
 nsresult
 PublicKeyPinningService::ChainMatchesPinset(const UniqueCERTCertList& certList,
                                             const nsTArray<nsCString>& aSHA256keys,
                                     /*out*/ bool& chainMatchesPinset)
--- a/security/manager/ssl/RootCertificateTelemetryUtils.cpp
+++ b/security/manager/ssl/RootCertificateTelemetryUtils.cpp
@@ -53,19 +53,19 @@ RootCABinNumber(const SECItem* cert)
   // Compare against list of stored hashes
   size_t idx;
 
   MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug,
            ("pkpinTelem: First bytes %02hx %02hx %02hx %02hx\n",
             digest.get().data[0], digest.get().data[1], digest.get().data[2], digest.get().data[3]));
 
   if (mozilla::BinarySearchIf(ROOT_TABLE, 0, ArrayLength(ROOT_TABLE),
-          BinaryHashSearchArrayComparator(
-            reinterpret_cast<const uint8_t*>(digest.get().data), digest.get().len),
-         &idx)) {
+        BinaryHashSearchArrayComparator(static_cast<uint8_t*>(digest.get().data),
+                                        digest.get().len),
+        &idx)) {
 
     MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug,
           ("pkpinTelem: Telemetry index was %lu, bin is %d\n",
            idx, ROOT_TABLE[idx].binNumber));
     return (int32_t) ROOT_TABLE[idx].binNumber;
   }
 
   // Didn't match.
--- a/security/manager/ssl/nsCertTree.cpp
+++ b/security/manager/ssl/nsCertTree.cpp
@@ -177,20 +177,20 @@ nsCertTree::~nsCertTree()
 }
 
 void
 nsCertTree::FreeCertArray()
 {
   mDispInfo.Clear();
 }
 
-CompareCacheHashEntry *
-nsCertTree::getCacheEntry(void *cache, void *aCert)
+CompareCacheHashEntry*
+nsCertTree::getCacheEntry(void* cache, void* aCert)
 {
-  PLDHashTable &aCompareCache = *reinterpret_cast<PLDHashTable*>(cache);
+  PLDHashTable& aCompareCache = *static_cast<PLDHashTable*>(cache);
   auto entryPtr = static_cast<CompareCacheHashEntryPtr*>
                              (aCompareCache.Add(aCert, fallible));
   return entryPtr ? entryPtr->entry : nullptr;
 }
 
 void nsCertTree::RemoveCacheEntry(void *key)
 {
   mCompareCache.Remove(key);
--- a/security/manager/ssl/nsDataSignatureVerifier.cpp
+++ b/security/manager/ssl/nsDataSignatureVerifier.cpp
@@ -149,17 +149,17 @@ VerifyCMSDetachedSignatureIncludingCerti
 
   NSSCMSContentInfo* cinfo = NSS_CMSMessage_ContentLevel(cmsMsg.get(), 0);
   if (!cinfo) {
     return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
   }
 
   // signedData is non-owning
   NSSCMSSignedData* signedData =
-    reinterpret_cast<NSSCMSSignedData*>(NSS_CMSContentInfo_GetContent(cinfo));
+    static_cast<NSSCMSSignedData*>(NSS_CMSContentInfo_GetContent(cinfo));
   if (!signedData) {
     return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
   }
 
   // Set digest value.
   if (NSS_CMSSignedData_SetDigestValue(signedData, SEC_OID_SHA1,
                                        const_cast<SECItem*>(&detachedDigest))) {
     return NS_ERROR_CMS_VERIFY_BAD_DIGEST;
@@ -237,17 +237,17 @@ static nsresult
 VerifyCertificate(CERTCertificate* cert, void* voidContext, void* pinArg)
 {
   // XXX: missing pinArg is tolerated
   if (NS_WARN_IF(!cert) || NS_WARN_IF(!voidContext)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   VerifyCertificateContext* context =
-    reinterpret_cast<VerifyCertificateContext*>(voidContext);
+    static_cast<VerifyCertificateContext*>(voidContext);
 
   nsCOMPtr<nsIX509Cert> xpcomCert(nsNSSCertificate::Create(cert));
   if (!xpcomCert) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
   context->signingCert = xpcomCert;
 
--- a/security/manager/ssl/nsNTLMAuthModule.cpp
+++ b/security/manager/ssl/nsNTLMAuthModule.cpp
@@ -446,17 +446,17 @@ ParseType2Msg(const void *inBuf, uint32_
   // 20 Flags
   // 24 Challenge
   // 32 targetInfo
   // 48 start of optional data blocks
   //
   if (inLen < NTLM_TYPE2_HEADER_LEN)
     return NS_ERROR_UNEXPECTED;
 
-  const uint8_t *cursor = reinterpret_cast<const uint8_t*>(inBuf);
+  auto cursor = static_cast<const uint8_t*>(inBuf);
 
   // verify NTLMSSP signature
   if (memcmp(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) != 0)
     return NS_ERROR_UNEXPECTED;
 
   cursor += sizeof(NTLM_SIGNATURE);
 
   // verify Type-2 marker
@@ -473,17 +473,17 @@ ParseType2Msg(const void *inBuf, uint32_
   // ... read offset from inBuf.
   uint32_t offset = ReadUint32(cursor);
   mozilla::CheckedInt<uint32_t> targetEnd = offset;
   targetEnd += targetLen;
   // Check the offset / length combo is in range of the input buffer, including
   // integer overflow checking.
   if (MOZ_LIKELY(targetEnd.isValid() && targetEnd.value() <= inLen)) {
     msg->targetLen = targetLen;
-    msg->target = reinterpret_cast<const uint8_t*>(inBuf) + offset;
+    msg->target = static_cast<const uint8_t*>(inBuf) + offset;
   } else {
     // Do not error out, for (conservative) backward compatibility.
     msg->targetLen = 0;
     msg->target = nullptr;
   }
 
   // read flags
   msg->flags = ReadUint32(cursor);
@@ -509,17 +509,17 @@ ParseType2Msg(const void *inBuf, uint32_
   // ... read offset from inBuf.
   offset = ReadUint32(cursor);
   mozilla::CheckedInt<uint32_t> targetInfoEnd = offset;
   targetInfoEnd += targetInfoLen;
   // Check the offset / length combo is in range of the input buffer, including
   // integer overflow checking.
   if (MOZ_LIKELY(targetInfoEnd.isValid() && targetInfoEnd.value() <= inLen)) {
     msg->targetInfoLen = targetInfoLen;
-    msg->targetInfo = reinterpret_cast<const uint8_t*>(inBuf) + offset;
+    msg->targetInfo = static_cast<const uint8_t*>(inBuf) + offset;
   } else {
     NS_ERROR("failed to get NTLMv2 target info");
     return NS_ERROR_UNEXPECTED;
   }
 
   return NS_OK;
 }
 
@@ -567,17 +567,18 @@ GenerateType3Msg(const nsString &domain,
   // get domain name
   //
   if (unicode)
   {
 #ifdef IS_BIG_ENDIAN
     ucsDomainBuf = domain;
     domainPtr = ucsDomainBuf.get();
     domainLen = ucsDomainBuf.Length() * 2;
-    WriteUnicodeLE((void *) domainPtr, reinterpret_cast<const char16_t*> (domainPtr),
+    WriteUnicodeLE(const_cast<void*>(domainPtr),
+                   static_cast<const char16_t*>(domainPtr),
                    ucsDomainBuf.Length());
 #else
     domainPtr = domain.get();
     domainLen = domain.Length() * 2;
 #endif
   }
   else
   {
@@ -590,17 +591,18 @@ GenerateType3Msg(const nsString &domain,
   // get user name
   //
   if (unicode)
   {
 #ifdef IS_BIG_ENDIAN
     ucsUserBuf = username;
     userPtr = ucsUserBuf.get();
     userLen = ucsUserBuf.Length() * 2;
-    WriteUnicodeLE((void *) userPtr, reinterpret_cast<const char16_t*> (userPtr),
+    WriteUnicodeLE(const_cast<void*>(userPtr),
+                   static_cast<const char16_t*>(userPtr),
                    ucsUserBuf.Length());
 #else
     userPtr = username.get();
     userLen = username.Length() * 2;
 #endif
   }
   else
   {
@@ -620,17 +622,18 @@ GenerateType3Msg(const nsString &domain,
   }
 
   if (unicode)
   {
     ucsHostBuf = NS_ConvertUTF8toUTF16(hostBuf);
     hostPtr = ucsHostBuf.get();
     hostLen = ucsHostBuf.Length() * 2;
 #ifdef IS_BIG_ENDIAN
-    WriteUnicodeLE((void *) hostPtr, reinterpret_cast<const char16_t*> (hostPtr),
+    WriteUnicodeLE(const_cast<void*>(hostPtr),
+                   static_cast<const char16_t*>(hostPtr),
                    ucsHostBuf.Length());
 #endif
   }
   else
   {
     hostPtr = hostBuf.get();
     hostLen = hostBuf.Length();
   }
@@ -666,24 +669,26 @@ GenerateType3Msg(const nsString &domain,
       NS_ERROR("failed to get NTLMv2 target info, can not do NTLMv2");
       return NS_ERROR_UNEXPECTED;
     }
 
     ToUpperCase(username, ucsUserUpperBuf);
     userUpperPtr = ucsUserUpperBuf.get();
     userUpperLen = ucsUserUpperBuf.Length() * 2;
 #ifdef IS_BIG_ENDIAN
-    WriteUnicodeLE((void *) userUpperPtr, reinterpret_cast<const char16_t*> (userUpperPtr),
+    WriteUnicodeLE(const_cast<void*>(userUpperPtr),
+                   static_cast<const char16_t*>(userUpperPtr),
                    ucsUserUpperBuf.Length());
 #endif
     ToUpperCase(domain, ucsDomainUpperBuf);
     domainUpperPtr = ucsDomainUpperBuf.get();
     domainUpperLen = ucsDomainUpperBuf.Length() * 2;
 #ifdef IS_BIG_ENDIAN
-    WriteUnicodeLE((void *) domainUpperPtr, reinterpret_cast<const char16_t*> (domainUpperPtr),
+    WriteUnicodeLE(const_cast<void*>(domainUpperPtr),
+                   static_cast<const char16_t*>(domainUpperPtr),
                    ucsDomainUpperBuf.Length());
 #endif
 
     NTLM_Hash(password, ntlmHash);
     ntlmHashStr = nsAutoCString(reinterpret_cast<const char *>(ntlmHash), NTLM_HASH_LEN);
 
     nsCOMPtr<nsIKeyObjectFactory> keyFactory =
         do_CreateInstance(NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &rv);
@@ -707,21 +712,22 @@ GenerateType3Msg(const nsString &domain,
         do_CreateInstance(NS_CRYPTO_HMAC_CONTRACTID, &rv);
     if (NS_FAILED(rv)) {
       return rv;
     }
     rv = hasher->Init(nsICryptoHMAC::MD5, ntlmKey);
     if (NS_FAILED(rv)) {
       return rv;
     }
-    rv = hasher->Update(reinterpret_cast<const uint8_t*> (userUpperPtr), userUpperLen);
+    rv = hasher->Update(static_cast<const uint8_t*>(userUpperPtr), userUpperLen);
     if (NS_FAILED(rv)) {
       return rv;
     }
-    rv = hasher->Update(reinterpret_cast<const uint8_t*> (domainUpperPtr), domainUpperLen);
+    rv = hasher->Update(static_cast<const uint8_t*>(domainUpperPtr),
+                        domainUpperLen);
     if (NS_FAILED(rv)) {
       return rv;
     }
     rv = hasher->Finish(false, ntlmv2HashStr);
     if (NS_FAILED(rv)) {
       return rv;
     }
 
@@ -887,64 +893,68 @@ GenerateType3Msg(const nsString &domain,
   offset += domainLen;
   offset += userLen;
   offset += hostLen;
   if (!offset.isValid()) {
     NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
     return NS_ERROR_UNEXPECTED;
   }
   cursor = WriteSecBuf(cursor, LM_RESP_LEN, offset.value());
-  memcpy((uint8_t *) *outBuf + offset.value(), lmResp, LM_RESP_LEN);
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), lmResp, LM_RESP_LEN);
 
   // 20 : NTLM or NTLMv2 response sec buf
   offset += LM_RESP_LEN;
   if (!offset.isValid()) {
     NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
     return NS_ERROR_UNEXPECTED;
   }
   cursor = WriteSecBuf(cursor, ntlmRespLen.value(), offset.value());
   if (ntlmv2) {
-    memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), ntlmv2Resp, NTLMv2_RESP_LEN);
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmv2Resp,
+           NTLMv2_RESP_LEN);
     offset += NTLMv2_RESP_LEN;
     if (!offset.isValid()) {
       NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
       return NS_ERROR_UNEXPECTED;
     }
-    memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), ntlmv2_blob1, NTLMv2_BLOB1_LEN);
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmv2_blob1,
+           NTLMv2_BLOB1_LEN);
     offset += NTLMv2_BLOB1_LEN;
     if (!offset.isValid()) {
       NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
       return NS_ERROR_UNEXPECTED;
     }
-    memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), msg.targetInfo, msg.targetInfoLen);
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), msg.targetInfo,
+           msg.targetInfoLen);
   } else {
-    memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), ntlmResp, NTLM_RESP_LEN);
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmResp,
+           NTLM_RESP_LEN);
   }
   // 28 : domain name sec buf
   offset = NTLM_TYPE3_HEADER_LEN;
   cursor = WriteSecBuf(cursor, domainLen, offset.value());
-  memcpy((uint8_t *) *outBuf + offset.value(), domainPtr, domainLen);
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), domainPtr, domainLen);
 
   // 36 : user name sec buf
   offset += domainLen;
   if (!offset.isValid()) {
     NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
     return NS_ERROR_UNEXPECTED;
   }
   cursor = WriteSecBuf(cursor, userLen, offset.value());
-  memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), userPtr, userLen);
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), userPtr, userLen);
 
   // 44 : workstation (host) name sec buf
   offset += userLen;
   if (!offset.isValid()) {
     NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
     return NS_ERROR_UNEXPECTED;
   }
   cursor = WriteSecBuf(cursor, hostLen, offset.value());
-  memcpy(reinterpret_cast<uint8_t*> (*outBuf) + offset.value(), hostPtr, hostLen);
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), hostPtr, hostLen);
 
   // 52 : session key sec buf (not used)
   cursor = WriteSecBuf(cursor, 0, 0);
 
   // 60 : negotiated flags
   cursor = WriteDWORD(cursor, msg.flags & NTLM_TYPE1_FLAGS);
 
   return NS_OK;
--- a/security/manager/ssl/nsPKCS12Blob.cpp
+++ b/security/manager/ssl/nsPKCS12Blob.cpp
@@ -508,19 +508,19 @@ nsPKCS12Blob::inputToDecoder(SEC_PKCS12D
 // C callback methods
 //
 
 // digest_open
 // prepare a memory buffer for reading/writing digests
 SECStatus
 nsPKCS12Blob::digest_open(void *arg, PRBool reading)
 {
-  nsPKCS12Blob *cx = reinterpret_cast<nsPKCS12Blob *>(arg);
+  auto cx = static_cast<nsPKCS12Blob*>(arg);
   NS_ENSURE_TRUE(cx, SECFailure);
-  
+
   if (reading) {
     NS_ENSURE_TRUE(cx->mDigest, SECFailure);
 
     delete cx->mDigestIterator;
     cx->mDigestIterator = new nsCString::const_iterator;
 
     if (!cx->mDigestIterator) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -543,68 +543,68 @@ nsPKCS12Blob::digest_open(void *arg, PRB
 }
 
 // digest_close
 // destroy a possibly active iterator
 // remove the data buffer if requested
 SECStatus
 nsPKCS12Blob::digest_close(void *arg, PRBool remove_it)
 {
-  nsPKCS12Blob *cx = reinterpret_cast<nsPKCS12Blob *>(arg);
+  auto cx = static_cast<nsPKCS12Blob*>(arg);
   NS_ENSURE_TRUE(cx, SECFailure);
 
   delete cx->mDigestIterator;
   cx->mDigestIterator = nullptr;
 
-  if (remove_it) {  
+  if (remove_it) {
     delete cx->mDigest;
     cx->mDigest = nullptr;
   }
-  
+
   return SECSuccess;
 }
 
 // digest_read
 // read bytes from the memory buffer
 int
 nsPKCS12Blob::digest_read(void *arg, unsigned char *buf, unsigned long len)
 {
-  nsPKCS12Blob *cx = reinterpret_cast<nsPKCS12Blob *>(arg);
+  auto cx = static_cast<nsPKCS12Blob*>(arg);
   NS_ENSURE_TRUE(cx, SECFailure);
   NS_ENSURE_TRUE(cx->mDigest, SECFailure);
 
   // iterator object must exist when digest has been opened in read mode
   NS_ENSURE_TRUE(cx->mDigestIterator, SECFailure);
 
   unsigned long available = cx->mDigestIterator->size_forward();
-  
+
   if (len > available)
     len = available;
 
   memcpy(buf, cx->mDigestIterator->get(), len);
   cx->mDigestIterator->advance(len);
-  
+
   return len;
 }
 
 // digest_write
 // append bytes to the memory buffer
 int
 nsPKCS12Blob::digest_write(void *arg, unsigned char *buf, unsigned long len)
 {
-  nsPKCS12Blob *cx = reinterpret_cast<nsPKCS12Blob *>(arg);
+  auto cx = static_cast<nsPKCS12Blob*>(arg);
   NS_ENSURE_TRUE(cx, SECFailure);
   NS_ENSURE_TRUE(cx->mDigest, SECFailure);
 
   // make sure we are in write mode, read iterator has not yet been allocated
   NS_ENSURE_FALSE(cx->mDigestIterator, SECFailure);
-  
+
   cx->mDigest->Append(reinterpret_cast<char *>(buf),
                      static_cast<uint32_t>(len));
-  
+
   return len;
 }
 
 // nickname_collision
 // what to do when the nickname collides with one already in the db.
 // TODO: not handled, throw a dialog allowing the nick to be changed?
 SECItem *
 nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
--- a/security/manager/ssl/nsRandomGenerator.cpp
+++ b/security/manager/ssl/nsRandomGenerator.cpp
@@ -24,17 +24,17 @@ nsRandomGenerator::GenerateRandomBytes(u
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   mozilla::UniquePK11SlotInfo slot(PK11_GetInternalSlot());
   if (!slot) {
     return NS_ERROR_FAILURE;
   }
 
-  uint8_t* buf = reinterpret_cast<uint8_t*>(moz_xmalloc(aLength));
+  auto buf = static_cast<uint8_t*>(moz_xmalloc(aLength));
   if (!buf) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
   SECStatus srv = PK11_GenerateRandomOnSlot(slot.get(), buf, aLength);
   if (srv != SECSuccess) {
     free(buf);
     return NS_ERROR_FAILURE;
--- a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
@@ -442,17 +442,17 @@ ConfigSecureServerWithNamedCert(PRFileDe
       PORT_ArenaAlloc(arena.get(), sizeof(CERTCertificateList))));
     if (!certList) {
       PrintPRError("PORT_ArenaAlloc failed");
       return SECFailure;
     }
     certList->arena = arena.release();
     // We also have to manually copy the certificates we care about to the
     // list, because there aren't any utility functions for that either.
-    certList->certs = reinterpret_cast<SECItem*>(
+    certList->certs = static_cast<SECItem*>(
       PORT_ArenaAlloc(certList->arena, 2 * sizeof(SECItem)));
     if (SECITEM_CopyItem(certList->arena, certList->certs, &cert->derCert)
           != SECSuccess) {
       PrintPRError("SECITEM_CopyItem failed");
       return SECFailure;
     }
     if (SECITEM_CopyItem(certList->arena, certList->certs + 1,
                          &issuerCert->derCert) != SECSuccess) {