390527 - libpkix does not return a numeric error code. r=nelson
authoralexei.volkov.bugs%sun.com
Thu, 06 Sep 2007 20:48:58 +0000
changeset 8037 1887266437e0d56ab6286b0b185272f561e1d1ff
parent 8036 f3682f2e22305a7f0b2cc5898af6abeed491d986
child 8038 6dab51ba0679e378a6d9ebd5419092b637f70cd9
push idunknown
push userunknown
push dateunknown
reviewersnelson
bugs390527
390527 - libpkix does not return a numeric error code. r=nelson
security/nss/cmd/libpkix/pkix/certsel/test_certselector.c
security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c
security/nss/cmd/libpkix/pkix/util/test_error.c
security/nss/lib/libpkix/include/pkix_errorstrings.h
security/nss/lib/libpkix/include/pkix_util.h
security/nss/lib/libpkix/pkix/top/pkix_policychecker.c
security/nss/lib/libpkix/pkix/util/pkix_error.c
security/nss/lib/libpkix/pkix/util/pkix_error.h
security/nss/lib/libpkix/pkix/util/pkix_errpaths.c
security/nss/lib/libpkix/pkix/util/pkix_tools.c
security/nss/lib/libpkix/pkix/util/pkix_tools.h
security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
--- a/security/nss/cmd/libpkix/pkix/certsel/test_certselector.c
+++ b/security/nss/cmd/libpkix/pkix/certsel/test_certselector.c
@@ -254,17 +254,16 @@ custom_CertSelector_MatchCallback(
         PKIX_Boolean *pResult,
         void *plContext)
 {
         PKIX_UInt32 i = 0;
         PKIX_UInt32 numPolicies = 0;
         PKIX_List *certPolicies = NULL;
         PKIX_List *quals = NULL;
         PKIX_PL_CertPolicyInfo *policy = NULL;
-        PKIX_PL_String *errorDesc = NULL;
         PKIX_Error *error = NULL;
 
         PKIX_TEST_STD_VARS();
 
         *pResult = PKIX_TRUE;
 
         PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
                 (cert, &certPolicies, plContext));
@@ -285,39 +284,31 @@ custom_CertSelector_MatchCallback(
                         if (quals) {
                             goto cleanup;
                         }
                         PKIX_TEST_DECREF_BC(policy);
                 }
                 PKIX_TEST_DECREF_BC(certPolicies);
                 *pResult = PKIX_FALSE;
 
-                /* Policies extension but no Policy Qualifiers */
-                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
-                        (PKIX_ESCASCII,
-                        "Policies extension but no Policy Qualifiers",
-                        0,
-                        &errorDesc,
-                        plContext));
                 PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
                         (PKIX_CERTSELECTOR_ERROR,
                         NULL,
                         NULL,
-                        errorDesc,
+                        PKIX_TESTPOLICYEXTWITHNOPOLICYQUALIFIERS,
                         &error,
                         plContext));
 
         }
 
 cleanup:
 
         PKIX_TEST_DECREF_AC(certPolicies);
         PKIX_TEST_DECREF_AC(policy);
         PKIX_TEST_DECREF_AC(quals);
-        PKIX_TEST_DECREF_AC(errorDesc);
 
         return(error);
 }
 
 /*
  * This custom matchCallback will pass any Certificate whose
  * CertificatePolicies extension asserts the Policy specified by
  * the OID in the CertSelectorContext object.
@@ -382,28 +373,21 @@ custom_CertSelector_MatchOIDCallback(
                         PKIX_TEST_DECREF_BC(policy);
                         PKIX_TEST_DECREF_BC(policyOID);
                 }
         }
 
         PKIX_TEST_DECREF_BC(certSelectorContext);
         PKIX_TEST_DECREF_BC(certPolicies);
 
-        /* No matching Policy */
-        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
-                        (PKIX_ESCASCII,
-                        "No matching Policy",
-                        0,
-                        &errorDesc,
-                        plContext));
-                PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
                         (PKIX_CERTSELECTOR_ERROR,
                         NULL,
                         NULL,
-                        errorDesc,
+                        PKIX_TESTNOMATCHINGPOLICY,
                         &error,
                         plContext));
 
 cleanup:
 
         PKIX_TEST_DECREF_AC(certSelectorContext);
         PKIX_TEST_DECREF_AC(certPolicies);
         PKIX_TEST_DECREF_AC(policy);
--- a/security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c
+++ b/security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c
@@ -149,17 +149,16 @@ testCRLSelectorMatchCallback(
         PKIX_ComCRLSelParams *comCrlSelParams = NULL;
         PKIX_List *issuerList = NULL;
         PKIX_PL_X500Name *issuer = NULL;
         PKIX_PL_X500Name *crlIssuer = NULL;
         PKIX_UInt32 numIssuers = 0;
         PKIX_UInt32 i = 0;
         PKIX_Boolean result = PKIX_FALSE;
         PKIX_Error *error = NULL;
-        PKIX_PL_String *textString = NULL;
         char *errorText = "Not an error, CRL Select mismatch";
 
         PKIX_TEST_STD_VARS();
 
         subTest("Custom_Selector_MatchCallback");
 
         if (selector != NULL) {
                 PKIX_TEST_EXPECT_NO_ERROR
@@ -198,29 +197,21 @@ testCRLSelectorMatchCallback(
 
                         if (result != PKIX_TRUE) {
                                 break;
                         }
 
                         if (i == numIssuers-1) {
 
                                 PKIX_TEST_EXPECT_NO_ERROR
-                                        (PKIX_PL_String_Create
-                                        (PKIX_ESCASCII,
-                                        (void *) errorText,
-                                        0,
-                                        &textString,
-                                        plContext));
-
-                                PKIX_TEST_EXPECT_NO_ERROR
                                         (PKIX_Error_Create
                                         (0,
                                         NULL,
                                         NULL,
-                                        textString,
+                                        PKIX_TESTNOTANERRORCRLSELECTMISMATCH,
                                         &error,
                                         plContext));
 
                                 PKIX_TEST_DECREF_AC(issuer);
                                 issuer = NULL;
                                 break;
                         }
 
@@ -230,17 +221,16 @@ testCRLSelectorMatchCallback(
         }
 
 cleanup:
 
         PKIX_TEST_DECREF_AC(comCrlSelParams);
         PKIX_TEST_DECREF_AC(crlIssuer);
         PKIX_TEST_DECREF_AC(issuer);
         PKIX_TEST_DECREF_AC(issuerList);
-        PKIX_TEST_DECREF_AC(textString);
 
         PKIX_TEST_RETURN();
 
         return (error);
 
 }
 
 static PKIX_Error *
--- a/security/nss/cmd/libpkix/pkix/util/test_error.c
+++ b/security/nss/cmd/libpkix/pkix/util/test_error.c
@@ -49,96 +49,80 @@ static void *plContext = NULL;
 static
 void createErrors(
         PKIX_Error **error,
         PKIX_Error **error2,
         PKIX_Error **error3,
         PKIX_Error **error5,
         PKIX_Error **error6,
         PKIX_Error **error7,
-        char *descChar,
-        char *descChar2,
         char *infoChar)
 
 {
-        PKIX_PL_String *descString = NULL;
-        PKIX_PL_String *desc2String = NULL;
         PKIX_PL_String *infoString = NULL;
 
         PKIX_TEST_STD_VARS();
 
         PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
                                         PKIX_ESCASCII,
-                                        descChar,
-                                        PL_strlen(descChar),
-                                        &descString,
-                                        plContext));
-
-        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
-                                        PKIX_ESCASCII,
-                                        descChar2,
-                                        PL_strlen(descChar2),
-                                        &desc2String,
-                                        plContext));
-
-        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
-                                        PKIX_ESCASCII,
                                         infoChar,
                                         PL_strlen(infoChar),
                                         &infoString,
                                         plContext));
 
-        PKIX_TEST_EXPECT_NO_ERROR
-                (PKIX_Error_Create
-                (PKIX_MEM_ERROR, NULL, NULL, desc2String, error2, plContext));
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
+                                  (PKIX_MEM_ERROR,
+                                   NULL,
+                                   NULL,
+                                   PKIX_TESTANOTHERERRORMESSAGE,
+                                   error2,
+                                   plContext));
 
         PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
                                     (PKIX_OBJECT_ERROR,
                                     *error2,
                                     (PKIX_PL_Object*)infoString,
-                                    descString,
+                                     PKIX_TESTERRORMESSAGE,
                                     error,
                                     plContext));
 
         PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
                                     (PKIX_OBJECT_ERROR,
                                     *error2,
                                     (PKIX_PL_Object*)infoString,
-                                    descString,
+                                     PKIX_TESTERRORMESSAGE,
                                     error3,
                                     plContext));
 
         PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
                                     (PKIX_OBJECT_ERROR,
                                     NULL,
                                     (PKIX_PL_Object*)infoString,
-                                    NULL,
+                                    0,
                                     error5,
                                     plContext));
 
         PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
                                     (PKIX_MEM_ERROR,
                                     *error5,
                                     (PKIX_PL_Object*)infoString,
-                                    NULL,
+                                    0,
                                     error6,
                                     plContext));
 
         PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
                                     (PKIX_OBJECT_ERROR,
                                     *error6,
                                     (PKIX_PL_Object*)infoString,
-                                    NULL,
+                                    0,
                                     error7,
                                     plContext));
 
 cleanup:
 
-        PKIX_TEST_DECREF_AC(descString);
-        PKIX_TEST_DECREF_AC(desc2String);
         PKIX_TEST_DECREF_AC(infoString);
 
         PKIX_TEST_RETURN();
 }
 
 static
 void testGetErrorCode(PKIX_Error *error, PKIX_Error *error2){
 
@@ -420,18 +404,16 @@ int test_error(int argc, char *argv[]) {
         subTest("PKIX_Error_Create");
         createErrors
                 (&error,
                 &error2,
                 &error3,
                 &error5,
                 &error6,
                 &error7,
-                descChar,
-                descChar2,
                 infoChar);
 
         PKIX_TEST_EQ_HASH_TOSTR_DUP
                 (error,
                 error,
                 error2,
                 NULL,
                 Error,
--- a/security/nss/lib/libpkix/include/pkix_errorstrings.h
+++ b/security/nss/lib/libpkix/include/pkix_errorstrings.h
@@ -38,16 +38,18 @@
 /*
  * This file is intended to be included after different definitions of
  * PKIX_ERRORENTRY. It is included in pkixt.h to define a number for each error
  * by defining PKIX_ERRORENTRY(x,y) as PKIX_ ## x  and then listing thim within
  * an enum. It is included in pkix_error.c to define an array of error strings
  * by defining PKIX_ERRORENTRY(x,y) #y and then listing thim within an array
  * const char * const PKIX_ErrorText[]
  */
+/* ALLOCERROR should always be the first */
+PKIX_ERRORENTRY(ALLOCERROR,Allocation Error),
 PKIX_ERRORENTRY(PKIXUNKNOWNERROR,PKIX uninitialized error code),
 PKIX_ERRORENTRY(GETPKIXERRORCODEFAILED,Get PKIX error code failed),
 PKIX_ERRORENTRY(ADDHEADERFUNCTIONNOTSUPPORTED,AddHeader function not supported),
 PKIX_ERRORENTRY(ADDTOVERIFYLOGFAILED,pkix_AddToVerifyLog failed),
 PKIX_ERRORENTRY(AIAMGRCREATEFAILED,PKIX_PL_AIAMgr_Create failed),
 PKIX_ERRORENTRY(AIAMGRFINDLDAPCLIENTFAILED,pkix_pl_AiaMgr_FindLDAPClient failed),
 PKIX_ERRORENTRY(AIAMGRGETAIACERTSFAILED,PKIX_PL_AIAMgr_GetAIACerts failed),
 PKIX_ERRORENTRY(AIAMGRGETHTTPCERTSFAILED,pkix_pl_AIAMgr_GetHTTPCerts failed),
@@ -992,16 +994,21 @@ PKIX_ERRORENTRY(SPRINTFFAILED,PKIX_PL_Sp
 PKIX_ERRORENTRY(STRINGCOMPARATORFAILED,pkix_pl_String_Comparator failed),
 PKIX_ERRORENTRY(STRINGCREATEFAILED,PKIX_PL_String_Create failed),
 PKIX_ERRORENTRY(STRINGEQUALSFAILED,pkix_pl_String_Equals failed),
 PKIX_ERRORENTRY(STRINGGETENCODEDFAILED,PKIX_PL_String_GetEncoded failed),
 PKIX_ERRORENTRY(STRINGHASHCODEFAILED,pkix_pl_String_Hashcode failed),
 PKIX_ERRORENTRY(SUBJALTNAMECHECKFAILED,Validation failed: SubjAltNamecheck failed),
 PKIX_ERRORENTRY(TARGETCERTCHECKERINITIALIZEFAILED,pkix_TargetCertChecker_Initialize failed),
 PKIX_ERRORENTRY(TARGETCERTCHECKERSTATECREATEFAILED,pkix_TargetCertCheckerState_Create failed),
+PKIX_ERRORENTRY(TESTPOLICYEXTWITHNOPOLICYQUALIFIERS, Policies extension but no Policy Qualifiers),
+PKIX_ERRORENTRY(TESTNOMATCHINGPOLICY, No Matching Policy),
+PKIX_ERRORENTRY(TESTNOTANERRORCRLSELECTMISMATCH, Not an error CRL Select mismatch),
+PKIX_ERRORENTRY(TESTERRORMESSAGE, Error Message),
+PKIX_ERRORENTRY(TESTANOTHERERRORMESSAGE, Another Error Message),
 PKIX_ERRORENTRY(TIMECONSUMEDEXCEEDSRESOURCELIMITS,Time consumed exceeds Resource Limits),
 PKIX_ERRORENTRY(TOOLITTLEDATAINDERSEQUENCE,Too little data in DER Sequence),
 PKIX_ERRORENTRY(TOOMUCHDATAINDERSEQUENCE,Too much data in DER Sequence),
 PKIX_ERRORENTRY(TOSTRINGFORTHISGENERALNAMETYPENOTSUPPORTED,ToString for this GeneralName type not supported),
 PKIX_ERRORENTRY(TRUNCATEDUNICODEINESCAPEDASCII,Truncated Unicode in EscapedASCII),
 PKIX_ERRORENTRY(TRUSTANCHORCREATEWITHCERTFAILED,PKIX_TrustAnchor_CreateWithCert failed),
 PKIX_ERRORENTRY(TRUSTANCHORGETCANAMEFAILED,PKIX_TrustAnchor_GetCAName failed),
 PKIX_ERRORENTRY(TRUSTANCHORGETCAPUBLICKEYFAILED,PKIX_TrustAnchor_GetCAPublicKey failed),
--- a/security/nss/lib/libpkix/include/pkix_util.h
+++ b/security/nss/lib/libpkix/include/pkix_util.h
@@ -492,20 +492,20 @@ PKIX_AddLogger(
  *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns an Error Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_Error_Create(
-        PKIX_UInt32 errorCode,
+        PKIX_ERRORNUM errorCode,
         PKIX_Error *cause,
         PKIX_PL_Object *info,
-        PKIX_PL_String *desc,
+        PKIX_ERRSTRINGNUM descCode,
         PKIX_Error **pError,
         void *plContext);
 
 /*
  * FUNCTION: PKIX_Error_GetErrorCode
  * DESCRIPTION:
  *
  *  Retrieves the error code of the Error pointed to by "error" and stores it
--- a/security/nss/lib/libpkix/pkix/top/pkix_policychecker.c
+++ b/security/nss/lib/libpkix/pkix/top/pkix_policychecker.c
@@ -2629,18 +2629,17 @@ pkix_PolicyChecker_Check(
         if (subroutineErr) {
 
 subrErrorCleanup:
                 /* We had an error. Was it a fatal error? */
                 pkixTempResult = PKIX_Error_GetErrorCode
                         (subroutineErr, &pkixErrorCode, plContext);
                 if (pkixTempResult) return pkixTempResult;
                 if (pkixErrorCode == PKIX_FATAL_ERROR) {
-                    PKIX_THROW
-                        (FATAL, PKIX_ErrorText[PKIX_POLICYCHECKERERROR]);
+                    PKIX_THROW(FATAL, PKIX_POLICYCHECKERERROR);
                 }
                 /*
                  * Abort policy processing, and then determine whether
                  * we can continue without policy processing.
                  */
                 PKIX_DECREF(state->validPolicyTree);
                 PKIX_DECREF(state->anyPolicyNodeAtBottom);
                 PKIX_DECREF(state->newAnyPolicyNode);
--- a/security/nss/lib/libpkix/pkix/util/pkix_error.c
+++ b/security/nss/lib/libpkix/pkix/util/pkix_error.c
@@ -64,18 +64,16 @@ pkix_Error_Equals(
         PKIX_PL_Object *secondObject,
         PKIX_Boolean *pResult,
         void *plContext)
 {
         PKIX_Error *firstError = NULL;
         PKIX_Error *secondError = NULL;
         PKIX_Error *firstCause = NULL;
         PKIX_Error *secondCause = NULL;
-        PKIX_PL_String *firstDesc = NULL;
-        PKIX_PL_String *secondDesc = NULL;
         PKIX_PL_Object *firstInfo = NULL;
         PKIX_PL_Object *secondInfo = NULL;
         PKIX_UInt32 firstCode, secondCode, secondType;
         PKIX_Boolean boolResult, unequalFlag;
 
         PKIX_ENTER(ERROR, "pkix_Error_Equals");
         PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
 
@@ -159,32 +157,18 @@ pkix_Error_Equals(
                 if (boolResult == 0) unequalFlag = PKIX_TRUE;
         }
 
         /* If the infos are not equal, return null */
         if (unequalFlag) goto cleanup;
 
 
         /* Compare descs */
-        firstDesc = firstError->desc;
-        secondDesc = secondError->desc;
-
-        if (((firstDesc != NULL) && (secondDesc == NULL))||
-            ((firstDesc == NULL) && (secondDesc != NULL))) {
+        if (firstError->descCode != secondError->descCode) {
                 unequalFlag = PKIX_TRUE;
-        } else if ((firstDesc != NULL) && (secondDesc != NULL)) {
-                PKIX_CHECK(PKIX_PL_Object_Equals
-                            ((PKIX_PL_Object*) firstDesc,
-                            (PKIX_PL_Object*) secondDesc,
-                            &boolResult,
-                            plContext),
-                            PKIX_ERRORINRECURSIVEEQUALSCALL);
-
-                /* If the desc errors are not equal, return null */
-                if (boolResult == 0) unequalFlag = PKIX_TRUE;
         }
 
         /* If the unequalFlag was set, return false */
         if (unequalFlag) goto cleanup;
 
         /* Errors are equal in all fields at this point */
         *pResult = PKIX_TRUE;
 
@@ -209,18 +193,16 @@ pkix_Error_Destroy(
 
         PKIX_CHECK(pkix_CheckType(object, PKIX_ERROR_TYPE, plContext),
                 PKIX_OBJECTNOTANERROR);
 
         error = (PKIX_Error *)object;
 
         PKIX_DECREF(error->cause);
 
-        PKIX_DECREF(error->desc);
-
         PKIX_DECREF(error->info);
 
 cleanup:
 
         PKIX_RETURN(ERROR);
 }
 
 
@@ -254,18 +236,18 @@ pkix_Error_ToString(
                 PKIX_OBJECTNOTANERROR);
 
         error = (PKIX_Error *)object;
 
         /* Get this error's code, description and the string of its cause */
         code = error->code;
 
         /* Get the description string */
-        desc = error->desc;
-
+        PKIX_Error_GetDescription(error, &desc, plContext);
+            
         /* Get the cause */
         cause = error->cause;
 
         /* Get the causes's description string */
         if (cause != NULL) {
                 pkix_error_cause_depth++;
 
                 /* Get the cause string */
@@ -320,17 +302,16 @@ pkix_Error_ToString(
         PKIX_CHECK(PKIX_PL_String_Create
                     (PKIX_ESCASCII,
                     format,
                     0,
                     &formatString,
                     plContext),
                     PKIX_STRINGCREATEFAILED);
 
-
         /* Create the output String */
         PKIX_CHECK(PKIX_PL_Sprintf
                     (pString,
                     plContext,
                     formatString,
                     errorNameString,
                     desc,
                     optCauseString),
@@ -423,20 +404,20 @@ pkix_Error_RegisterSelf(void *plContext)
 
 /* --Public-Functions--------------------------------------------- */
 
 /*
  * FUNCTION: PKIX_Error_Create (see comments in pkix_util.h)
  */
 PKIX_Error *
 PKIX_Error_Create(
-        PKIX_UInt32 errorCode,
+        PKIX_ERRORNUM errorCode,
         PKIX_Error *cause,
         PKIX_PL_Object *info,
-        PKIX_PL_String *desc,
+        PKIX_ERRSTRINGNUM descCode,
         PKIX_Error **pError,
         void *plContext)
 {
         PKIX_Error *tempCause = NULL;
         PKIX_Error *error = NULL;
 
         PKIX_ENTER(ERROR, "PKIX_Error_Create");
 
@@ -457,28 +438,27 @@ PKIX_Error_Create(
         error->code = errorCode;
 
         /* Ensure we don't have a loop. Follow causes until NULL */
         for (tempCause = cause;
             tempCause != NULL;
             tempCause = tempCause->cause) {
                 /* If we detect a loop, throw a new error */
                 if (tempCause == error) {
-                        PKIX_THROW(ERROR, "Loop of error causes detected");
+                        PKIX_THROW(ERROR, PKIX_LOOPOFERRORCAUSEDETECTED);
                 }
         }
 
         PKIX_INCREF(cause);
         error->cause = cause;
 
         PKIX_INCREF(info);
         error->info = info;
 
-        PKIX_INCREF(desc);
-        error->desc = desc;
+        error->descCode = descCode;
 
         *pError = error;
 
         PKIX_RETURN(ERROR);
 }
 
 /*
  * FUNCTION: PKIX_Error_GetErrorCode (see comments in pkix_util.h)
@@ -493,16 +473,33 @@ PKIX_Error_GetErrorCode(
         PKIX_NULLCHECK_TWO(error, pCode);
 
         *pCode = error->code;
 
         PKIX_RETURN(ERROR);
 }
 
 /*
+ * FUNCTION: PKIX_Error_GetErrorCode (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Error_GetErrorMsgCode(
+        PKIX_Error *error,
+        PKIX_UInt32 *pCode,
+        void *plContext)
+{
+        PKIX_ENTER(ERROR, "PKIX_Error_GetDescErrorCode");
+        PKIX_NULLCHECK_TWO(error, pCode);
+
+        *pCode = error->descCode;
+
+        PKIX_RETURN(ERROR);
+}
+
+/*
  * FUNCTION: PKIX_Error_GetCause (see comments in pkix_util.h)
  */
 PKIX_Error *
 PKIX_Error_GetCause(
         PKIX_Error *error,
         PKIX_Error **pCause,
         void *plContext)
 {
@@ -541,19 +538,23 @@ PKIX_Error_GetSupplementaryInfo(
  * FUNCTION: PKIX_Error_GetDescription (see comments in pkix_util.h)
  */
 PKIX_Error *
 PKIX_Error_GetDescription(
         PKIX_Error *error,
         PKIX_PL_String **pDesc,
         void *plContext)
 {
+        PKIX_PL_String *descString = NULL;
+
         PKIX_ENTER(ERROR, "PKIX_Error_GetDescription");
         PKIX_NULLCHECK_TWO(error, pDesc);
 
-        if (error != PKIX_ALLOC_ERROR()){
-                PKIX_INCREF(error->desc);
-        }
+        PKIX_PL_String_Create(PKIX_ESCASCII,
+                              (void *)PKIX_ErrorText[error->descCode],
+                              0,
+                              &descString,
+                              plContext);
 
-        *pDesc = error->desc;
+        *pDesc = descString;
 
         PKIX_RETURN(ERROR);
 }
--- a/security/nss/lib/libpkix/pkix/util/pkix_error.h
+++ b/security/nss/lib/libpkix/pkix/util/pkix_error.h
@@ -46,20 +46,20 @@
 
 #include "pkix_tools.h"
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 struct PKIX_ErrorStruct {
-        PKIX_UInt32 code;
+        PKIX_ERRORNUM code;
         PKIX_Error *cause;
         PKIX_PL_Object *info;
-        PKIX_PL_String *desc;
+        PKIX_ERRSTRINGNUM descCode;
 };
 
 /* see source file for function documentation */
 
 extern PKIX_Error * pkix_Error_RegisterSelf(void *plContext);
 
 #ifdef __cplusplus
 }
--- a/security/nss/lib/libpkix/pkix/util/pkix_errpaths.c
+++ b/security/nss/lib/libpkix/pkix/util/pkix_errpaths.c
@@ -43,43 +43,43 @@
 
 #define PKIX_STDVARS_POINTER
 #include "pkix_error.h"
 
 const PKIX_StdVars zeroStdVars;
 
 PKIX_Error *
 PKIX_DoThrow(PKIX_StdVars * stdVars, PKIX_ERRORNUM errorCode, 
-             const char * desc, void *plContext)
+             PKIX_ERRSTRINGNUM descNum, void *plContext)
 {
-    pkixTempResult = (PKIX_Error*)pkix_Throw(errorCode, myFuncName, desc,
+    pkixTempResult = (PKIX_Error*)pkix_Throw(errorCode, myFuncName, descNum,
 	                 pkixErrorResult, &pkixReturnResult, plContext);
     if (pkixErrorResult != PKIX_ALLOC_ERROR())
 	PKIX_DECREF(pkixErrorResult);
     if (pkixTempResult)
 	return pkixTempResult;
     return pkixReturnResult;
 }
 
 PKIX_Error *
 PKIX_DoReturn(PKIX_StdVars * stdVars, PKIX_ERRORNUM errorCode,
               PKIX_Boolean doLogger, void *plContext)
 {
     PKIX_OBJECT_UNLOCK(lockedObject);
     PKIX_MUTEX_UNLOCK(lockedMutex);
     if ((pkixErrorReceived) || (pkixErrorResult))
-	return PKIX_DoThrow(stdVars, errorCode, pkixErrorMsg, plContext);
+	return PKIX_DoThrow(stdVars, errorCode, pkixErrMsgNum, plContext);
     /* PKIX_DEBUG_EXIT(type); */
     if (doLogger)
 	_PKIX_DEBUG_TRACE(pkixLoggersDebugTrace, "<<<", PKIX_LOGGER_LEVEL_TRACE);
     return NULL;
 }
 
 PKIX_Error *
-PKIX_DoCheck(PKIX_StdVars * stdVars, int descNum, void *plContext)
+PKIX_DoCheck(PKIX_StdVars * stdVars, PKIX_ERRSTRINGNUM descNum, void *plContext)
 {
     pkixTempResult = 
 	PKIX_Error_GetErrorCode(pkixErrorResult, &pkixErrorCode, plContext);
     if (pkixTempResult)
 	return pkixTempResult;
     pkixErrorMsg = PKIX_ErrorText[descNum];
     if (pkixErrorCode == PKIX_FATAL_ERROR)
 	return PKIX_DoReturn(stdVars, pkixErrorCode, PKIX_TRUE, plContext);
--- a/security/nss/lib/libpkix/pkix/util/pkix_tools.c
+++ b/security/nss/lib/libpkix/pkix/util/pkix_tools.c
@@ -156,27 +156,22 @@ cleanup:
  *  Returns NULL if the function succeeds.
  *  Returns an Error Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 pkix_Throw(
         PKIX_UInt32 errorCode,
         const char *funcName,
-        const char *errorText,
+        PKIX_ERRSTRINGNUM errorTextCode,
         PKIX_Error *cause,
         PKIX_Error **pError,
         void *plContext)
 {
-        PKIX_PL_String *formatString = NULL;
-        PKIX_PL_String *funcNameString = NULL;
-        PKIX_PL_String *textString = NULL;
-        PKIX_PL_String *errorString = NULL;
         PKIX_UInt32 causeCode;
-        char *format = NULL;
 
         PKIX_ENTER(ERROR, "pkix_Throw");
         PKIX_NULLCHECK_TWO(funcName, pError);
 
         *pError = NULL;
 
         /* if cause has error code of PKIX_FATAL_ERROR, return immediately */
         if (cause) {
@@ -185,54 +180,21 @@ pkix_Throw(
                 if (pkixTempResult) goto cleanup;
 
                 if (causeCode == PKIX_FATAL_ERROR){
                         *pError = cause;
                         goto cleanup;
                 }
         }
 
-        format = "%s: %s";
-
-        pkixTempResult = PKIX_PL_String_Create
-                (PKIX_ESCASCII, (void *)format, 0, &formatString, plContext);
-        if (pkixTempResult) goto cleanup;
-
-        pkixTempResult = PKIX_PL_String_Create
-                (PKIX_ESCASCII,
-                (void *)funcName,
-                0,
-                &funcNameString,
-                plContext);
-        if (pkixTempResult) goto cleanup;
-
-        pkixTempResult = PKIX_PL_String_Create
-                (PKIX_ESCASCII,
-                (void *)errorText,
-                0,
-                &textString,
-                plContext);
-        if (pkixTempResult) goto cleanup;
-
-        pkixTempResult = PKIX_PL_Sprintf
-                (&errorString,
-                plContext,
-                formatString,
-                funcNameString,
-                textString);
-
-        pkixTempResult = PKIX_Error_Create
-                (errorCode, cause, NULL, errorString, pError, plContext);
+       pkixTempResult = PKIX_Error_Create(errorCode, cause, NULL,
+                                           errorTextCode, pError, plContext);
 
 cleanup:
 
-        PKIX_DECREF(errorString);
-        PKIX_DECREF(formatString);
-        PKIX_DECREF(funcNameString);
-        PKIX_DECREF(textString);
         PKIX_DEBUG_EXIT(ERROR);
         pkixErrorCode = 0;
         return (pkixTempResult);
 }
 
 /*
  * FUNCTION: pkix_CheckTypes
  * DESCRIPTION:
--- a/security/nss/lib/libpkix/pkix/util/pkix_tools.h
+++ b/security/nss/lib/libpkix/pkix/util/pkix_tools.h
@@ -127,20 +127,22 @@ typedef struct pkixStdVarsStr {
 
 extern PKIX_Error * PKIX_DoReturn(PKIX_StdVars * stdVars, 
                                   PKIX_ERRORNUM errorCode, 
                                   PKIX_Boolean doLogger,
 				  void * plContext);
 
 extern PKIX_Error * PKIX_DoThrow(PKIX_StdVars * stdVars, 
                                  PKIX_ERRORNUM errorCode, 
-				 const char * desc, void * plContext);
+			      PKIX_ERRSTRINGNUM descNum,
+                                 void * plContext);
 
 extern PKIX_Error * PKIX_DoCheck(PKIX_StdVars * stdVars, 
-				 int descNum, void * plContext);
+			      PKIX_ERRSTRINGNUM descNum,
+                                 void * plContext);
 
 extern const PKIX_StdVars zeroStdVars;
 
 /*
  * UTILITY MACROS
  * Documentation for these common utility macros can be found in the
  * Implementation Guidelines document (Section 4.3)
  *
@@ -228,56 +230,56 @@ extern const PKIX_StdVars zeroStdVars;
 			((PKIX_PL_Object *)(obj), plContext); \
 	    if (pkixTempResult) \
 		return pkixTempResult; \
 	    obj = NULL; \
 	} \
     } while (0)
 
 #if defined(DEBUG) && !defined(DEBUG_nb95248)
-#define PKIX_THROW(type, desc) \
+#define PKIX_THROW(type, descNum) \
     { \
 	pkixTempResult = (PKIX_Error*)pkix_Throw \
-		(PKIX_ ## type ## _ERROR, myFuncName, desc, \
+		(PKIX_ ## type ## _ERROR, myFuncName, descNum, \
 		pkixErrorResult, &pkixReturnResult, plContext); \
 	if (pkixErrorResult != PKIX_ALLOC_ERROR()) \
 	    PKIX_DECREF(pkixErrorResult); \
 	if (pkixTempResult) \
 	    return pkixTempResult; \
 	return pkixReturnResult; \
     }
 #else
-#define PKIX_THROW(type, desc) \
-    return PKIX_DoThrow(&stdVars, (PKIX_ ## type ## _ERROR), desc, plContext);
+#define PKIX_THROW(type, descNum) \
+    return PKIX_DoThrow(&stdVars, (PKIX_ ## type ## _ERROR), descNum, plContext);
 #endif
 
 
 #if defined(DEBUG) && !defined(DEBUG_nb95248)
 #define PKIX_RETURN(type) \
     { \
 	PKIX_OBJECT_UNLOCK(lockedObject); \
 	PKIX_MUTEX_UNLOCK(lockedMutex); \
 	if ((pkixErrorReceived) || (pkixErrorResult)) \
-	    PKIX_THROW(type, pkixErrorMsg); \
+	    PKIX_THROW(type, pkixErrMsgNum); \
 	PKIX_DEBUG_EXIT(type); \
 	_PKIX_DEBUG_TRACE(pkixLoggersDebugTrace, "<<<", PKIX_LOGGER_LEVEL_TRACE); \
 	return NULL; \
     }
 #else
 #define PKIX_RETURN(type) \
     return PKIX_DoReturn(&stdVars, (PKIX_ ## type ## _ERROR), PKIX_TRUE, plContext);
 #endif
 
 #if defined(DEBUG) && !defined(DEBUG_nb95248)
 #define PKIX_RETURN_NO_LOGGER(type) \
     { \
 	PKIX_OBJECT_UNLOCK(lockedObject); \
 	PKIX_MUTEX_UNLOCK(lockedMutex); \
 	if ((pkixErrorReceived) || (pkixErrorResult)) \
-	    PKIX_THROW(type, pkixErrorMsg); \
+	    PKIX_THROW(type, pkixErrMsgNum); \
 	PKIX_DEBUG_EXIT(type); \
 	return NULL; \
     }
 #else
 #define PKIX_RETURN_NO_LOGGER(type) \
     return PKIX_DoReturn(&stdVars, (PKIX_ ## type ## _ERROR), PKIX_FALSE, plContext);
 #endif
 
@@ -287,16 +289,17 @@ extern const PKIX_StdVars zeroStdVars;
 #define PKIX_CHECK(func, descNum) \
     do { \
 	pkixErrorResult = (func); \
 	if (pkixErrorResult) { \
 	    pkixTempResult = PKIX_Error_GetErrorCode \
 		    (pkixErrorResult, &pkixErrorCode, plContext); \
 	    if (pkixTempResult) \
 	    	return pkixTempResult; \
+	    pkixErrMsgNum = descNum; \
 	    pkixErrorMsg = PKIX_ErrorText[descNum]; \
 	    if (pkixErrorCode == PKIX_FATAL_ERROR) \
 		PKIX_RETURN(FATAL); \
 	    goto cleanup; \
 	} \
     } while (0)
 #else
 #define PKIX_CHECK(func, descNum) \
@@ -317,30 +320,32 @@ extern const PKIX_StdVars zeroStdVars;
 	pkixErrorResult = (func); \
 	if (pkixErrorResult) { \
 	    pkixTempErrorReceived = PKIX_TRUE; \
 	    pkixTempResult = PKIX_Error_GetErrorCode \
 		    (pkixErrorResult, &pkixErrorCode, plContext); \
 	    if (pkixTempResult)  \
 	    	return pkixTempResult; \
 	    if (pkixErrorCode == PKIX_FATAL_ERROR){ \
+	         pkixErrMsgNum = descNum; \
 		pkixErrorMsg = PKIX_ErrorText[descNum]; \
 		PKIX_RETURN(FATAL); \
 	    } \
 	    PKIX_DECREF(pkixErrorResult); \
 	} \
     } while (0)
 
 #define PKIX_LOG_ERROR(descNum) \
     _PKIX_LOG_ERROR(PKIX_ErrorText[descNum], PKIX_LOGGER_LEVEL_ERROR)
 
 #define PKIX_ERROR(descNum) \
     { \
 	PKIX_LOG_ERROR(descNum) \
 	pkixErrorReceived = PKIX_TRUE; \
+	pkixErrMsgNum = descNum; \
 	pkixErrorMsg = PKIX_ErrorText[descNum]; \
 	goto cleanup; \
     }
 
 #define PKIX_ERROR_FATAL(descNum) \
     { \
 	pkixErrorReceived = PKIX_TRUE; \
 	pkixErrorMsg = PKIX_ErrorText[descNum]; \
@@ -403,17 +408,17 @@ extern const PKIX_StdVars zeroStdVars;
 	    lockedMutex = (obj); \
 	} \
     } while (0)
 
 #define PKIX_ERROR_CREATE(type, descNum, error) \
     { \
 	pkixTempResult = (PKIX_Error*)pkix_Throw \
 		(PKIX_ ## type ## _ERROR,  myFuncName, \
-		PKIX_ErrorText[descNum], NULL, &error, plContext); \
+		descNum, NULL, &error, plContext); \
 	if (pkixTempResult)  \
 	    error = pkixTempResult; \
     }
 		
 
 #define PKIX_ERROR_RECEIVED \
     (pkixErrorReceived || pkixErrorResult || pkixTempErrorReceived)
 
@@ -1380,17 +1385,17 @@ pkix_IsCertSelfIssued(
         PKIX_PL_Cert *cert,
         PKIX_Boolean *pSelfIssued,
         void *plContext);
 
 PKIX_Error *
 pkix_Throw(
         PKIX_UInt32 code,
         const char *funcName,
-        const char *errorText,
+        PKIX_ERRSTRINGNUM errorTextCode,
         PKIX_Error *cause,
         PKIX_Error **pError,
         void *plContext);
 
 PKIX_Error *
 pkix_CheckTypes(
         PKIX_PL_Object *first,
         PKIX_PL_Object *second,
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
@@ -50,40 +50,16 @@ PRLock *classTableLock;
 
 /*
  * PKIX_ALLOC_ERROR is a special error object hard-coded into the
  * pkix_error.o object file. It is thrown if system memory cannot be
  * allocated. PKIX_ALLOC_ERROR is immutable.
  * IncRef, DecRef, and Settor functions cannot be called.
  */
 
-/*
- * This data looks like a UTF-16 string of "PKIX_ALLOC_ERROR".
- * It is used to create a static PKIX_PL_String object, pkix_Alloc_Error_desc.
- */
-static const char pkix_Alloc_Error_Msg[32] =
-        {
-                0, 'P', 0, 'K', 0, 'I', 0, 'X',
-                0, ' ',
-                0, 'A', 0, 'L', 0, 'L', 0, 'O', 0, 'C',
-                0, ' ',
-                0, 'E', 0, 'R', 0, 'R', 0, 'O', 0, 'R'
-        };
-
-/*
- * This is raw data laid out to look like a PKIX_PL_String in memory
- * XXX If PKIX_PL_StringStruct is changed, this will break.
- */
-static PKIX_PL_String pkix_Alloc_Error_Desc = {
-        (void *)&pkix_Alloc_Error_Msg,  /* void *utf16String */
-        (PKIX_UInt32)32,                /* PKIX_UInt32 utf16Length */
-        (char *)NULL,                   /* char *escAsciiString */
-        (PKIX_UInt32)0                  /* PKIX_UInt32 escAsciiLength */
-};
-
 /* Keep this structure definition here for its is used only once here */
 struct PKIX_Alloc_Error_ObjectStruct {
         PKIX_PL_Object header;
         PKIX_Error error;
 };
 typedef struct PKIX_Alloc_Error_ObjectStruct PKIX_Alloc_Error_Object;
 
 static PKIX_Alloc_Error_Object pkix_Alloc_Error_Data = {
@@ -92,20 +68,20 @@ static PKIX_Alloc_Error_Object pkix_Allo
         (PKIX_UInt32)PKIX_ERROR_TYPE,   /* PKIX_UInt32 type */
         (PKIX_UInt32)1,                 /* PKIX_UInt32 references */
         /* Warning! Cannot Ref Count with NULL lock */
         (void *)0,                      /* PRLock *lock */
         (PKIX_PL_String *)0,            /* PKIX_PL_String *stringRep */
         (PKIX_UInt32)0,                 /* PKIX_UInt32 hashcode */
         (PKIX_Boolean)PKIX_FALSE,       /* PKIX_Boolean hashcodeCached */
     }, {
-        PKIX_FATAL_ERROR,               /* PKIX_UInt32 code */
+        (PKIX_ERRORNUM)PKIX_FATAL_ERROR,/* PKIX_UInt32 code */
         (PKIX_Error *)0,                /* PKIX_Error *cause */
         (PKIX_PL_Object *)0,            /* PKIX_PL_Object *info */
-        &pkix_Alloc_Error_Desc          /* PKIX_PL_String *desc */
+        (PKIX_ERRSTRINGNUM)0,           /* PKIX_ERRSTRINGNUM descCode; */
    }
 };
 
 PKIX_Error* PKIX_ALLOC_ERROR(void)
 {
     return &pkix_Alloc_Error_Data.error;
 }
 
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
@@ -42,16 +42,17 @@
  */
 
 #include "pkix_pl_object.h"
 
 /* --Debugging---------------------------------------------------- */
 
 static PKIX_UInt32 refCountTotal = 0;
 
+                              
 /* --Class-Table-Initializers------------------------------------ */
 
 /*
  * Create storage space for 20 Class Table buckets.
  * These are only for user-defined types. System types are registered
  * separately by PKIX_PL_Initialize.
  */
 
@@ -760,19 +761,17 @@ PKIX_PL_Object_IncRef(
                 PKIX_REF_COUNT_DEBUG_ARG("PKIX_PL_Object_IncRef: "
                                     "refCountTotal == %d \n", refCountTotal);
         }
 
         PKIX_CHECK(pkix_UnlockObject(object, plContext),
                     PKIX_ERRORUNLOCKINGOBJECT);
 
         if (refCountError) {
-                PKIX_THROW
-                    (FATAL,
-                    PKIX_ErrorText[PKIX_OBJECTWITHNONPOSITIVEREFERENCES]);
+                PKIX_THROW(FATAL, PKIX_OBJECTWITHNONPOSITIVEREFERENCES);
         }
 
 cleanup:
 
         PKIX_RETURN(OBJECT);
 }
 
 /*