Bug 1323998 - Stop using Scoped.h NSS types in dtlsidentity.(cpp|h) and nricectx.cpp. r=mt
authorCykesiopka <cykesiopka.bmo@gmail.com>
Wed, 21 Dec 2016 22:09:10 +0800
changeset 371882 294ce2352aa7574de1353a6f75ccc0a664752589
parent 371881 012ca1fe054898184ef11cc36f35f23bd89e03fb
child 371883 02cbb6db8bd22dbfde0e79e6b0320fbe97a24518
push id6996
push userjlorenzo@mozilla.com
push dateMon, 06 Mar 2017 20:48:21 +0000
treeherdermozilla-beta@d89512dab048 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmt
bugs1323998
milestone53.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1323998 - Stop using Scoped.h NSS types in dtlsidentity.(cpp|h) and nricectx.cpp. r=mt Scoped.h is deprecated. MozReview-Commit-ID: IRFLV2mfN4J
dom/media/webrtc/RTCCertificate.cpp
media/mtransport/dtlsidentity.cpp
media/mtransport/dtlsidentity.h
media/mtransport/nricectx.cpp
media/mtransport/transportlayerdtls.cpp
security/manager/ssl/ScopedNSSTypes.h
--- a/dom/media/webrtc/RTCCertificate.cpp
+++ b/dom/media/webrtc/RTCCertificate.cpp
@@ -8,16 +8,17 @@
 
 #include <cmath>
 #include "cert.h"
 #include "jsapi.h"
 #include "mozilla/dom/CryptoKey.h"
 #include "mozilla/dom/RTCCertificateBinding.h"
 #include "mozilla/dom/WebCryptoCommon.h"
 #include "mozilla/dom/WebCryptoTask.h"
+#include "mozilla/Move.h"
 #include "mozilla/Sprintf.h"
 
 #include <cstdio>
 
 namespace mozilla {
 namespace dom {
 
 #define RTCCERTIFICATE_SC_VERSION 0x00000001
@@ -328,19 +329,19 @@ RTCCertificate::~RTCCertificate()
 // creates before the RTCCertificate reference is released.
 RefPtr<DtlsIdentity>
 RTCCertificate::CreateDtlsIdentity() const
 {
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown() || !mPrivateKey || !mCertificate) {
     return nullptr;
   }
-  SECKEYPrivateKey* key = SECKEY_CopyPrivateKey(mPrivateKey.get());
-  CERTCertificate* cert = CERT_DupCertificate(mCertificate.get());
-  RefPtr<DtlsIdentity> id = new DtlsIdentity(key, cert, mAuthType);
+  UniqueSECKEYPrivateKey key(SECKEY_CopyPrivateKey(mPrivateKey.get()));
+  UniqueCERTCertificate cert(CERT_DupCertificate(mCertificate.get()));
+  RefPtr<DtlsIdentity> id = new DtlsIdentity(Move(key), Move(cert), mAuthType);
   return id;
 }
 
 JSObject*
 RTCCertificate::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto)
 {
   return RTCCertificateBinding::Wrap(aCx, this, aGivenProto);
 }
--- a/media/mtransport/dtlsidentity.cpp
+++ b/media/mtransport/dtlsidentity.cpp
@@ -14,72 +14,70 @@
 #include "sechash.h"
 #include "ssl.h"
 
 #include "mozilla/Sprintf.h"
 
 namespace mozilla {
 
 RefPtr<DtlsIdentity> DtlsIdentity::Generate() {
-  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
   if (!slot) {
     return nullptr;
   }
 
   uint8_t random_name[16];
 
-  SECStatus rv = PK11_GenerateRandomOnSlot(slot, random_name,
+  SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), random_name,
                                            sizeof(random_name));
   if (rv != SECSuccess)
     return nullptr;
 
   std::string name;
   char chunk[3];
   for (size_t i = 0; i < sizeof(random_name); ++i) {
     SprintfLiteral(chunk, "%.2x", random_name[i]);
     name += chunk;
   }
 
   std::string subject_name_string = "CN=" + name;
-  ScopedCERTName subject_name(CERT_AsciiToName(subject_name_string.c_str()));
+  UniqueCERTName subject_name(CERT_AsciiToName(subject_name_string.c_str()));
   if (!subject_name) {
     return nullptr;
   }
 
   unsigned char paramBuf[12]; // OIDs are small
   SECItem ecdsaParams = { siBuffer, paramBuf, sizeof(paramBuf) };
   SECOidData* oidData = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
   if (!oidData || (oidData->oid.len > (sizeof(paramBuf) - 2))) {
     return nullptr;
   }
   ecdsaParams.data[0] = SEC_ASN1_OBJECT_ID;
   ecdsaParams.data[1] = oidData->oid.len;
   memcpy(ecdsaParams.data + 2, oidData->oid.data, oidData->oid.len);
   ecdsaParams.len = oidData->oid.len + 2;
 
-  ScopedSECKEYPrivateKey private_key;
-  ScopedSECKEYPublicKey public_key;
   SECKEYPublicKey *pubkey;
-
-  private_key =
-      PK11_GenerateKeyPair(slot,
+  UniqueSECKEYPrivateKey private_key(
+      PK11_GenerateKeyPair(slot.get(),
                            CKM_EC_KEY_PAIR_GEN, &ecdsaParams, &pubkey,
-                           PR_FALSE, PR_TRUE, nullptr);
+                           PR_FALSE, PR_TRUE, nullptr));
   if (private_key == nullptr)
     return nullptr;
-  public_key = pubkey;
+  UniqueSECKEYPublicKey public_key(pubkey);
+  pubkey = nullptr;
 
-  ScopedCERTSubjectPublicKeyInfo spki(
-      SECKEY_CreateSubjectPublicKeyInfo(pubkey));
+  UniqueCERTSubjectPublicKeyInfo spki(
+      SECKEY_CreateSubjectPublicKeyInfo(public_key.get()));
   if (!spki) {
     return nullptr;
   }
 
-  ScopedCERTCertificateRequest certreq(
-      CERT_CreateCertificateRequest(subject_name, spki, nullptr));
+  UniqueCERTCertificateRequest certreq(
+      CERT_CreateCertificateRequest(subject_name.get(), spki.get(), nullptr));
   if (!certreq) {
     return nullptr;
   }
 
   // From 1 day before todayto 30 days after.
   // This is a sort of arbitrary range designed to be valid
   // now with some slack in case the other side expects
   // some before expiry.
@@ -89,32 +87,33 @@ RefPtr<DtlsIdentity> DtlsIdentity::Gener
   static const PRTime oneDay = PRTime(PR_USEC_PER_SEC)
                              * PRTime(60)  // sec
                              * PRTime(60)  // min
                              * PRTime(24); // hours
   PRTime now = PR_Now();
   PRTime notBefore = now - oneDay;
   PRTime notAfter = now + (PRTime(30) * oneDay);
 
-  ScopedCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
+  UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
   if (!validity) {
     return nullptr;
   }
 
   unsigned long serial;
   // Note: This serial in principle could collide, but it's unlikely
-  rv = PK11_GenerateRandomOnSlot(slot,
+  rv = PK11_GenerateRandomOnSlot(slot.get(),
                                  reinterpret_cast<unsigned char *>(&serial),
                                  sizeof(serial));
   if (rv != SECSuccess) {
     return nullptr;
   }
 
-  ScopedCERTCertificate certificate(
-      CERT_CreateCertificate(serial, subject_name, validity, certreq));
+  UniqueCERTCertificate certificate(
+      CERT_CreateCertificate(serial, subject_name.get(), validity.get(),
+                             certreq.get()));
   if (!certificate) {
     return nullptr;
   }
 
   PLArenaPool *arena = certificate->arena;
 
   rv = SECOID_SetAlgorithmID(arena, &certificate->signature,
                              SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, 0);
@@ -124,36 +123,37 @@ RefPtr<DtlsIdentity> DtlsIdentity::Gener
   // Set version to X509v3.
   *(certificate->version.data) = SEC_CERTIFICATE_VERSION_3;
   certificate->version.len = 1;
 
   SECItem innerDER;
   innerDER.len = 0;
   innerDER.data = nullptr;
 
-  if (!SEC_ASN1EncodeItem(arena, &innerDER, certificate,
+  if (!SEC_ASN1EncodeItem(arena, &innerDER, certificate.get(),
                           SEC_ASN1_GET(CERT_CertificateTemplate))) {
     return nullptr;
   }
 
   SECItem *signedCert = PORT_ArenaZNew(arena, SECItem);
   if (!signedCert) {
     return nullptr;
   }
 
   rv = SEC_DerSignData(arena, signedCert, innerDER.data, innerDER.len,
-                       private_key,
+                       private_key.get(),
                        SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE);
   if (rv != SECSuccess) {
     return nullptr;
   }
   certificate->derCert = *signedCert;
 
-  RefPtr<DtlsIdentity> identity =
-      new DtlsIdentity(private_key.forget(), certificate.forget(), ssl_kea_ecdh);
+  RefPtr<DtlsIdentity> identity = new DtlsIdentity(Move(private_key),
+                                                   Move(certificate),
+                                                   ssl_kea_ecdh);
   return identity.forget();
 }
 
 const std::string DtlsIdentity::DEFAULT_HASH_ALGORITHM = "sha-256";
 
 nsresult DtlsIdentity::ComputeFingerprint(const std::string algorithm,
                                           uint8_t *digest,
                                           size_t size,
--- a/media/mtransport/dtlsidentity.h
+++ b/media/mtransport/dtlsidentity.h
@@ -4,42 +4,43 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifndef dtls_identity_h__
 #define dtls_identity_h__
 
 #include <string>
 
 #include "m_cpp_utils.h"
+#include "mozilla/Move.h"
 #include "mozilla/RefPtr.h"
 #include "nsISupportsImpl.h"
+#include "ScopedNSSTypes.h"
 #include "sslt.h"
-#include "ScopedNSSTypes.h"
 
 // All code in this module requires NSS to be live.
 // Callers must initialize NSS and implement the nsNSSShutdownObject
 // protocol.
 namespace mozilla {
 
 class DtlsIdentity final {
  public:
   // This constructor takes ownership of privkey and cert.
-  DtlsIdentity(SECKEYPrivateKey *privkey,
-               CERTCertificate *cert,
+  DtlsIdentity(UniqueSECKEYPrivateKey privkey,
+               UniqueCERTCertificate cert,
                SSLKEAType authType)
-      : private_key_(privkey), cert_(cert), auth_type_(authType) {}
+      : private_key_(Move(privkey)), cert_(Move(cert)), auth_type_(authType) {}
 
   // This is only for use in tests, or for external linkage.  It makes a (bad)
   // instance of this class.
   static RefPtr<DtlsIdentity> Generate();
 
   // These don't create copies or transfer ownership. If you want these to live
   // on, make a copy.
   const UniqueCERTCertificate& cert() const { return cert_; }
-  SECKEYPrivateKey *privkey() const { return private_key_; }
+  const UniqueSECKEYPrivateKey& privkey() const { return private_key_; }
   // Note: this uses SSLKEAType because that is what the libssl API requires.
   // This is a giant confusing mess, but libssl indexes certificates based on a
   // key exchange type, not authentication type (as you might have reasonably
   // expected).
   SSLKEAType auth_type() const { return auth_type_; }
 
   nsresult ComputeFingerprint(const std::string algorithm,
                               uint8_t *digest,
@@ -57,14 +58,14 @@ class DtlsIdentity final {
   };
 
   NS_INLINE_DECL_THREADSAFE_REFCOUNTING(DtlsIdentity)
 
  private:
   ~DtlsIdentity() {}
   DISALLOW_COPY_ASSIGN(DtlsIdentity);
 
-  ScopedSECKEYPrivateKey private_key_;
+  UniqueSECKEYPrivateKey private_key_;
   UniqueCERTCertificate cert_;
   SSLKEAType auth_type_;
 };
 }  // close namespace
 #endif
--- a/media/mtransport/nricectx.cpp
+++ b/media/mtransport/nricectx.cpp
@@ -109,21 +109,21 @@ MOZ_MTLOG_MODULE("mtransport")
 
 const char kNrIceTransportUdp[] = "udp";
 const char kNrIceTransportTcp[] = "tcp";
 
 static bool initialized = false;
 
 // Implement NSPR-based crypto algorithms
 static int nr_crypto_nss_random_bytes(UCHAR *buf, int len) {
-  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
   if (!slot)
     return R_INTERNAL;
 
-  SECStatus rv = PK11_GenerateRandomOnSlot(slot, buf, len);
+  SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), buf, len);
   if (rv != SECSuccess)
     return R_INTERNAL;
 
   return 0;
 }
 
 static int nr_crypto_nss_hmac(UCHAR *key, int keyl, UCHAR *buf, int bufl,
                               UCHAR *result) {
--- a/media/mtransport/transportlayerdtls.cpp
+++ b/media/mtransport/transportlayerdtls.cpp
@@ -513,17 +513,17 @@ bool TransportLayerDtls::Setup() {
     if (rv != SECSuccess) {
       MOZ_MTLOG(ML_ERROR, "Couldn't set identity");
       return false;
     }
   } else {
     MOZ_MTLOG(ML_INFO, "Setting up DTLS as server");
     // Server side
     rv = SSL_ConfigSecureServer(ssl_fd.get(), identity_->cert().get(),
-                                identity_->privkey(),
+                                identity_->privkey().get(),
                                 identity_->auth_type());
     if (rv != SECSuccess) {
       MOZ_MTLOG(ML_ERROR, "Couldn't set identity");
       return false;
     }
 
     UniqueCERTCertList zero_certs(CERT_NewCertList());
     rv = SSL_SetTrustAnchors(ssl_fd.get(), zero_certs.get());
@@ -1085,17 +1085,17 @@ SECStatus TransportLayerDtls::GetClientA
   }
 
   *pRetCert = CERT_DupCertificate(stream->identity_->cert().get());
   if (!*pRetCert) {
     PR_SetError(PR_OUT_OF_MEMORY_ERROR, 0);
     return SECFailure;
   }
 
-  *pRetKey = SECKEY_CopyPrivateKey(stream->identity_->privkey());
+  *pRetKey = SECKEY_CopyPrivateKey(stream->identity_->privkey().get());
   if (!*pRetKey) {
     CERT_DestroyCertificate(*pRetCert);
     *pRetCert = nullptr;
     PR_SetError(PR_OUT_OF_MEMORY_ERROR, 0);
     return SECFailure;
   }
 
   return SECSuccess;
--- a/security/manager/ssl/ScopedNSSTypes.h
+++ b/security/manager/ssl/ScopedNSSTypes.h
@@ -57,29 +57,19 @@ MapSECStatus(SECStatus rv)
   return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
 }
 
 // Alphabetical order by NSS type
 // Deprecated: use the equivalent UniquePtr templates instead.
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificate,
                                           CERTCertificate,
                                           CERT_DestroyCertificate)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificateRequest,
-                                          CERTCertificateRequest,
-                                          CERT_DestroyCertificateRequest)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTName,
-                                          CERTName,
-                                          CERT_DestroyName)
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTSubjectPublicKeyInfo,
                                           CERTSubjectPublicKeyInfo,
                                           SECKEY_DestroySubjectPublicKeyInfo)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTValidity,
-                                          CERTValidity,
-                                          CERT_DestroyValidity)
-// Deprecated: use the equivalent UniquePtr templates instead.
 
 namespace internal {
 
 inline void
 PK11_DestroyContext_true(PK11Context * ctx) {
   PK11_DestroyContext(ctx, true);
 }