Bug 1248874 - Replace Scoped.h templates used only by PSM in ScopedNSSTypes.h with UniquePtr equivalents. r=dkeeler

MozReview-Commit-ID: 5OClBV522lv
2024-09-13 09:24:08 -07:00 · 2016-02-18 06:01:39 -08:00 · 2016-02-18 06:01:39 -08:00 · 4533d8e22a
commit 4533d8e22a
parent aa16a9169f
9 changed files with 53 additions and 65 deletions
--- a/security/certverifier/CertVerifier.cpp
+++ b/security/certverifier/CertVerifier.cpp
@ -82,8 +82,7 @@ SECStatus
 IsCertBuiltInRoot(CERTCertificate* cert, bool& result)
 {
  result = false;
-  ScopedPK11SlotList slots;
-  slots = PK11_GetAllSlotsForCert(cert, nullptr);
+  UniquePK11SlotList slots(PK11_GetAllSlotsForCert(cert, nullptr));
  if (!slots) {
    if (PORT_GetError() == SEC_ERROR_NO_TOKEN) {
      // no list
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@ -1017,7 +1017,7 @@ LoadLoadableRoots(/*optional*/ const char* dir, const char* modNameUTF8)
    return SECFailure;
  }

-  ScopedSECMODModule rootsModule(SECMOD_LoadUserModule(pkcs11ModuleSpec.get(),
+  UniqueSECMODModule rootsModule(SECMOD_LoadUserModule(pkcs11ModuleSpec.get(),
                                                       nullptr, false));
  if (!rootsModule) {
    return SECFailure;
@ -1035,7 +1035,7 @@ void
 UnloadLoadableRoots(const char* modNameUTF8)
 {
  PR_ASSERT(modNameUTF8);
-  ScopedSECMODModule rootsModule(SECMOD_FindModule(modNameUTF8));
+  UniqueSECMODModule rootsModule(SECMOD_FindModule(modNameUTF8));

  if (rootsModule) {
    SECMOD_UnloadUserModule(rootsModule.get());
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@ -1088,7 +1088,7 @@ GatherEKUTelemetry(const ScopedCERTCertList& certList)
  }

  // Parse the EKU extension
-  ScopedCERTOidSequence ekuSequence(
+  UniqueCERTOidSequence ekuSequence(
    CERT_DecodeOidSequence(&ekuExtension->value));
  if (!ekuSequence) {
    return;
--- a/security/manager/ssl/ScopedNSSTypes.h
+++ b/security/manager/ssl/ScopedNSSTypes.h
@ -4,6 +4,9 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

+// This header provides smart pointers and various helpers for code that needs
+// to interact with NSS.
+
 #ifndef mozilla_ScopedNSSTypes_h
 #define mozilla_ScopedNSSTypes_h

@ -70,6 +73,7 @@ MapSECStatus(SECStatus rv)
 }

 // Alphabetical order by NSS type
+// Deprecated: use the equivalent UniquePtr templates instead.
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPRFileDesc,
                                          PRFileDesc,
                                          PR_Close)
@ -88,25 +92,13 @@ MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertList,
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTName,
                                          CERTName,
                                          CERT_DestroyName)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTOidSequence,
-                                          CERTOidSequence,
-                                          CERT_DestroyOidSequence)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertNicknames,
-                                          CERTCertNicknames,
-                                          CERT_FreeNicknames)
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTSubjectPublicKeyInfo,
                                          CERTSubjectPublicKeyInfo,
                                          SECKEY_DestroySubjectPublicKeyInfo)
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTValidity,
                                          CERTValidity,
                                          CERT_DestroyValidity)
-
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedNSSCMSMessage,
-                                          NSSCMSMessage,
-                                          NSS_CMSMessage_Destroy)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedNSSCMSSignedData,
-                                          NSSCMSSignedData,
-                                          NSS_CMSSignedData_Destroy)
+// Deprecated: use the equivalent UniquePtr templates instead.

 namespace psm {

@ -115,30 +107,15 @@ PK11_DestroyContext_true(PK11Context * ctx) {
  PK11_DestroyContext(ctx, true);
 }

-inline void
-SGN_DestroyContext_true(SGNContext* ctx) {
-  SGN_DestroyContext(ctx, true);
-}
-
-inline void
-VFY_DestroyContext_true(VFYContext * ctx) {
-  VFY_DestroyContext(ctx, true);
-}
-
 } // namespace mozilla::psm

+// Deprecated: use the equivalent UniquePtr templates instead.
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11Context,
                                          PK11Context,
                                          mozilla::psm::PK11_DestroyContext_true)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSGNContext,
-                                          SGNContext,
-                                          mozilla::psm::SGN_DestroyContext_true)
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSGNDigestInfo,
                                          SGNDigestInfo,
                                          SGN_DestroyDigestInfo)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedVFYContext,
-                                          VFYContext,
-                                          mozilla::psm::VFY_DestroyContext_true)

 /** A more convenient way of dealing with digests calculated into
 *  stack-allocated buffers. NSS must be initialized on the main thread before
@ -231,23 +208,16 @@ private:
  SECItem item;
 };

+// Deprecated: use the equivalent UniquePtr templates instead.
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SlotInfo,
                                          PK11SlotInfo,
                                          PK11_FreeSlot)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SlotList,
-                                          PK11SlotList,
-                                          PK11_FreeSlotList)
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SymKey,
                                          PK11SymKey,
                                          PK11_FreeSymKey)
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11GenericObject,
                                          PK11GenericObject,
                                          PK11_DestroyGenericObject)
-
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSEC_PKCS7ContentInfo,
-                                          SEC_PKCS7ContentInfo,
-                                          SEC_PKCS7DestroyContentInfo)
-
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSEC_PKCS12DecoderContext,
                                          SEC_PKCS12DecoderContext,
                                          SEC_PKCS12DecoderFinish)
@ -263,6 +233,7 @@ PORT_FreeArena_false(PLArenaPool* arena)

 } // namespace internal

+// Deprecated: use the equivalent UniquePtr templates instead.
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPLArenaPool,
                                          PLArenaPool,
                                          internal::PORT_FreeArena_false)
@ -325,10 +296,10 @@ inline void SECKEYEncryptedPrivateKeyInfo_true(SECKEYEncryptedPrivateKeyInfo * e

 } // namespace internal

+// Deprecated: use the equivalent UniquePtr templates instead.
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECItem,
                                          SECItem,
                                          internal::SECITEM_FreeItem_true)
-
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYPrivateKey,
                                          SECKEYPrivateKey,
                                          SECKEY_DestroyPrivateKey)
@ -341,8 +312,6 @@ MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYPublicKey,
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECAlgorithmID,
                                          SECAlgorithmID,
                                          internal::SECOID_DestroyAlgorithmID_true)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECMODModule, SECMODModule,
-                                          SECMOD_DestroyModule)

 // Emulates MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE, but for UniquePtrs.
 #define MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(name, Type, Deleter) \
@ -355,21 +324,40 @@ typedef UniquePtr<Type, name##DeletePolicy> name;
 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificatePolicies,
                                      CERTCertificatePolicies,
                                      CERT_DestroyCertificatePoliciesExtension)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertNicknames,
+                                      CERTCertNicknames,
+                                      CERT_FreeNicknames)
 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTOidSequence,
                                      CERTOidSequence,
                                      CERT_DestroyOidSequence)
 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTUserNotice,
                                      CERTUserNotice,
                                      CERT_DestroyUserNotice)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSMessage,
+                                      NSSCMSMessage,
+                                      NSS_CMSMessage_Destroy)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSSignedData,
+                                      NSSCMSSignedData,
+                                      NSS_CMSSignedData_Destroy)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SlotList,
+                                      PK11SlotList,
+                                      PK11_FreeSlotList)
+
 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePLArenaPool,
                                      PLArenaPool,
                                      internal::PORT_FreeArena_false)
+
 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECItem,
                                      SECItem,
                                      internal::SECITEM_FreeItem_true)
 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPublicKey,
                                      SECKEYPublicKey,
                                      SECKEY_DestroyPublicKey)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECMODModule,
+                                      SECMODModule,
+                                      SECMOD_DestroyModule)
 } // namespace mozilla

 #endif // mozilla_ScopedNSSTypes_h
--- a/security/manager/ssl/nsCertPicker.cpp
+++ b/security/manager/ssl/nsCertPicker.cpp
@ -103,7 +103,8 @@ NS_IMETHODIMP nsCertPicker::PickByUsage(nsIInterfaceRequestor *ctx,
    }
  }

-  ScopedCERTCertNicknames nicknames(getNSSCertNicknamesFromCertList(certList.get()));
+  UniqueCERTCertNicknames nicknames(
+    getNSSCertNicknamesFromCertList(certList.get()));
  if (!nicknames) {
    return NS_ERROR_NOT_AVAILABLE;
  }
--- a/security/manager/ssl/nsCrypto.cpp
+++ b/security/manager/ssl/nsCrypto.cpp
@ -51,7 +51,7 @@ nsPkcs11::DeleteModule(const nsAString& aModuleName)
  // before we call SECMOD_DeleteModule, below.
 #ifndef MOZ_NO_SMART_CARDS
  {
-    mozilla::ScopedSECMODModule module(SECMOD_FindModule(moduleName.get()));
+    mozilla::UniqueSECMODModule module(SECMOD_FindModule(moduleName.get()));
    if (!module) {
      return NS_ERROR_FAILURE;
    }
@ -100,7 +100,7 @@ nsPkcs11::AddModule(const nsAString& aModuleName,
  }

 #ifndef MOZ_NO_SMART_CARDS
-  mozilla::ScopedSECMODModule module(SECMOD_FindModule(moduleName.get()));
+  mozilla::UniqueSECMODModule module(SECMOD_FindModule(moduleName.get()));
  if (!module) {
    return NS_ERROR_FAILURE;
  }
--- a/security/manager/ssl/nsDataSignatureVerifier.cpp
+++ b/security/manager/ssl/nsDataSignatureVerifier.cpp
@ -129,7 +129,7 @@ VerifyCMSDetachedSignatureIncludingCertificate(
    return NS_ERROR_INVALID_ARG;
  }

-  ScopedNSSCMSMessage
+  UniqueNSSCMSMessage
    cmsMsg(NSS_CMSMessage_CreateFromDER(const_cast<SECItem*>(&buffer), nullptr,
                                        nullptr, nullptr, nullptr, nullptr,
                                        nullptr));
--- a/security/manager/ssl/nsNSSCertificate.cpp
+++ b/security/manager/ssl/nsNSSCertificate.cpp
@ -11,6 +11,7 @@
 #include "CertVerifier.h"
 #include "ExtendedValidation.h"
 #include "mozilla/UniquePtr.h"
+#include "mozilla/unused.h"
 #include "pkix/pkixnss.h"
 #include "pkix/pkixtypes.h"
 #include "nsNSSComponent.h" // for PIPNSS string bundle calls.
@ -923,14 +924,13 @@ nsNSSCertificate::GetAllTokenNames(uint32_t* aLength, char16_t*** aTokenNames)
  *aTokenNames = nullptr;

  // Get the slots from NSS
-  ScopedPK11SlotList slots;
  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting slots for \"%s\"\n", mCert->nickname));
-  slots = PK11_GetAllSlotsForCert(mCert.get(), nullptr);
+  UniquePK11SlotList slots(PK11_GetAllSlotsForCert(mCert.get(), nullptr));
  if (!slots) {
-    if (PORT_GetError() == SEC_ERROR_NO_TOKEN)
+    if (PORT_GetError() == SEC_ERROR_NO_TOKEN) {
      return NS_OK; // List of slots is empty, return empty array
-    else
-      return NS_ERROR_FAILURE;
+    }
+    return NS_ERROR_FAILURE;
  }

  // read the token names from slots
@ -1149,7 +1149,7 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
      return NS_ERROR_INVALID_ARG;
  }

-  ScopedNSSCMSMessage cmsg(NSS_CMSMessage_Create(nullptr));
+  UniqueNSSCMSMessage cmsg(NSS_CMSMessage_Create(nullptr));
  if (!cmsg) {
    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
           ("nsNSSCertificate::ExportAsCMS - can't create CMS message\n"));
@ -1157,8 +1157,8 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
  }

  // first, create SignedData with the certificate only (no chain)
-  ScopedNSSCMSSignedData sigd(
-    NSS_CMSSignedData_CreateCertsOnly(cmsg, mCert.get(), false));
+  UniqueNSSCMSSignedData sigd(
+    NSS_CMSSignedData_CreateCertsOnly(cmsg.get(), mCert.get(), false));
  if (!sigd) {
    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
           ("nsNSSCertificate::ExportAsCMS - can't create SignedData\n"));
@ -1182,7 +1182,7 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
      ScopedCERTCertificateList certChain(
          CERT_CertChainFromCert(issuerCert, certUsageAnyCA, includeRoot));
      if (certChain) {
-        if (NSS_CMSSignedData_AddCertList(sigd, certChain) == SECSuccess) {
+        if (NSS_CMSSignedData_AddCertList(sigd.get(), certChain) == SECSuccess) {
          certChain.forget();
        }
        else {
@ -1193,7 +1193,7 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
      }
      else {
        // try to add the issuerCert, at least
-        if (NSS_CMSSignedData_AddCertificate(sigd, issuerCert)
+        if (NSS_CMSSignedData_AddCertificate(sigd.get(), issuerCert)
            == SECSuccess) {
          issuerCert.forget();
        }
@ -1206,10 +1206,10 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
    }
  }

-  NSSCMSContentInfo* cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
-  if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd)
+  NSSCMSContentInfo* cinfo = NSS_CMSMessage_GetContentInfo(cmsg.get());
+  if (NSS_CMSContentInfo_SetContent_SignedData(cmsg.get(), cinfo, sigd.get())
       == SECSuccess) {
-    sigd.forget();
+    Unused << sigd.release();
  }
  else {
    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
@ -1225,7 +1225,7 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
  }

  SECItem certP7 = { siBuffer, nullptr, 0 };
-  NSSCMSEncoderContext* ecx = NSS_CMSEncoder_Start(cmsg, nullptr, nullptr,
+  NSSCMSEncoderContext* ecx = NSS_CMSEncoder_Start(cmsg.get(), nullptr, nullptr,
                                                   &certP7, arena, nullptr,
                                                   nullptr, nullptr, nullptr,
                                                   nullptr, nullptr);
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@ -2092,7 +2092,7 @@ ClientAuthDataRunnable::RunOnTargetThread()
  ScopedSECKEYPrivateKey privKey;
  ScopedCERTCertList certList;
  CERTCertListNode* node;
-  ScopedCERTCertNicknames nicknames;
+  UniqueCERTCertNicknames nicknames;
  int keyError = 0; // used for private key retrieval error
  SSM_UserCertChoice certChoice;
  int32_t NumberOfCerts = 0;
@ -2296,7 +2296,7 @@ ClientAuthDataRunnable::RunOnTargetThread()
        goto noCert;
      }

-      nicknames = getNSSCertNicknamesFromCertList(certList.get());
+      nicknames.reset(getNSSCertNicknamesFromCertList(certList.get()));

      if (!nicknames) {
        goto loser;