From e8b27b70d37f5c9babcee47edc5b30cb8c63dcd7 Mon Sep 17 00:00:00 2001 From: David Keeler Date: Fri, 12 Jul 2013 10:00:22 -0700 Subject: [PATCH] bug 882865 - cryptojs key gen cleanup: use EqualsLiteral() r=bsmith r=Ms2ger r=khuey --- security/manager/ssl/src/nsCrypto.cpp | 79 ++++++++++++---------- .../manager/ssl/tests/mochitest/bugs/Makefile.in | 8 +++ .../ssl/tests/mochitest/bugs/test_bug882865.html | 39 +++++++++++ 3 files changed, 89 insertions(+), 37 deletions(-) create mode 100644 security/manager/ssl/tests/mochitest/bugs/test_bug882865.html diff --git a/security/manager/ssl/src/nsCrypto.cpp b/security/manager/ssl/src/nsCrypto.cpp index 17654b4020c3..e572cbe996ea 100644 --- a/security/manager/ssl/src/nsCrypto.cpp +++ b/security/manager/ssl/src/nsCrypto.cpp @@ -37,6 +37,7 @@ #include "nsContentUtils.h" #include "nsCxPusher.h" #include "nsDOMJSUtils.h" +#include "nsJSUtils.h" #include "nsIXPConnect.h" #include "nsIRunnable.h" #include "nsIWindowWatcher.h" @@ -339,53 +340,53 @@ cryptojs_convert_to_mechanism(nsKeyGenType keyGenType) } /* - * This function converts a string read through JavaScript parameters + * This function takes a string read through JavaScript parameters * and translates it to the internal enumeration representing the - * key gen type. + * key gen type. Leading and trailing whitespace must be already removed. */ static nsKeyGenType -cryptojs_interpret_key_gen_type(char *keyAlg) -{ - char *end; - if (!keyAlg) { - return invalidKeyGen; - } - /* First let's remove all leading and trailing white space */ - while (isspace(keyAlg[0])) keyAlg++; - end = strchr(keyAlg, '\0'); - if (!end) { - return invalidKeyGen; - } - end--; - while (isspace(*end)) end--; - end[1] = '\0'; - if (strcmp(keyAlg, "rsa-ex") == 0) { +cryptojs_interpret_key_gen_type(const nsAString& keyAlg) +{ + if (keyAlg.EqualsLiteral("rsa-ex")) { return rsaEnc; - } else if (strcmp(keyAlg, "rsa-dual-use") == 0) { + } + if (keyAlg.EqualsLiteral("rsa-dual-use")) { return rsaDualUse; - } else if (strcmp(keyAlg, "rsa-sign") == 0) { + } + if (keyAlg.EqualsLiteral("rsa-sign")) { return rsaSign; - } else if (strcmp(keyAlg, "rsa-sign-nonrepudiation") == 0) { + } + if (keyAlg.EqualsLiteral("rsa-sign-nonrepudiation")) { return rsaSignNonrepudiation; - } else if (strcmp(keyAlg, "rsa-nonrepudiation") == 0) { + } + if (keyAlg.EqualsLiteral("rsa-nonrepudiation")) { return rsaNonrepudiation; - } else if (strcmp(keyAlg, "ec-ex") == 0) { + } + if (keyAlg.EqualsLiteral("ec-ex")) { return ecEnc; - } else if (strcmp(keyAlg, "ec-dual-use") == 0) { + } + if (keyAlg.EqualsLiteral("ec-dual-use")) { return ecDualUse; - } else if (strcmp(keyAlg, "ec-sign") == 0) { + } + if (keyAlg.EqualsLiteral("ec-sign")) { return ecSign; - } else if (strcmp(keyAlg, "ec-sign-nonrepudiation") == 0) { + } + if (keyAlg.EqualsLiteral("ec-sign-nonrepudiation")) { return ecSignNonrepudiation; - } else if (strcmp(keyAlg, "ec-nonrepudiation") == 0) { + } + if (keyAlg.EqualsLiteral("ec-nonrepudiation")) { return ecNonrepudiation; - } else if (strcmp(keyAlg, "dsa-sign-nonrepudiation") == 0) { + } + if (keyAlg.EqualsLiteral("dsa-sign-nonrepudiation")) { return dsaSignNonrepudiation; - } else if (strcmp(keyAlg, "dsa-sign") ==0 ){ + } + if (keyAlg.EqualsLiteral("dsa-sign")) { return dsaSign; - } else if (strcmp(keyAlg, "dsa-nonrepudiation") == 0) { + } + if (keyAlg.EqualsLiteral("dsa-nonrepudiation")) { return dsaNonrepudiation; - } else if (strcmp(keyAlg, "dh-ex") == 0) { + } + if (keyAlg.EqualsLiteral("dh-ex")) { return dhEx; } return invalidKeyGen; @@ -916,7 +917,7 @@ cryptojs_ReadArgsAndGenerateKey(JSContext *cx, PK11SlotInfo **slot, bool willEscrow) { JSString *jsString; - JSAutoByteString params, keyGenAlg; + JSAutoByteString params; int keySize; nsresult rv; @@ -942,13 +943,16 @@ cryptojs_ReadArgsAndGenerateKey(JSContext *cx, jsString = JS_ValueToString(cx, argv[2]); NS_ENSURE_TRUE(jsString, NS_ERROR_OUT_OF_MEMORY); argv[2] = STRING_TO_JSVAL(jsString); - keyGenAlg.encodeLatin1(cx, jsString); - NS_ENSURE_TRUE(!!keyGenAlg, NS_ERROR_OUT_OF_MEMORY); - keyGenType->keyGenType = cryptojs_interpret_key_gen_type(keyGenAlg.ptr()); + nsDependentJSString dependentKeyGenAlg; + NS_ENSURE_TRUE(dependentKeyGenAlg.init(cx, jsString), NS_ERROR_UNEXPECTED); + nsAutoString keyGenAlg(dependentKeyGenAlg); + keyGenAlg.Trim("\r\n\t "); + keyGenType->keyGenType = cryptojs_interpret_key_gen_type(keyGenAlg); if (keyGenType->keyGenType == invalidKeyGen) { + NS_LossyConvertUTF16toASCII keyGenAlgNarrow(dependentKeyGenAlg); JS_ReportError(cx, "%s%s%s", JS_ERROR, "invalid key generation argument:", - keyGenAlg.ptr()); + keyGenAlgNarrow.get()); goto loser; } if (!*slot) { @@ -961,9 +965,10 @@ cryptojs_ReadArgsAndGenerateKey(JSContext *cx, *slot,willEscrow); if (rv != NS_OK) { + NS_LossyConvertUTF16toASCII keyGenAlgNarrow(dependentKeyGenAlg); JS_ReportError(cx,"%s%s%s", JS_ERROR, "could not generate the key for algorithm ", - keyGenAlg.ptr()); + keyGenAlgNarrow.get()); goto loser; } return NS_OK; diff --git a/security/manager/ssl/tests/mochitest/bugs/Makefile.in b/security/manager/ssl/tests/mochitest/bugs/Makefile.in index 4812cac44390..6d9357517406 100644 --- a/security/manager/ssl/tests/mochitest/bugs/Makefile.in +++ b/security/manager/ssl/tests/mochitest/bugs/Makefile.in @@ -19,6 +19,14 @@ MOCHITEST_FILES = \ test_ev_validation_child.html \ $(NULL) +# test_bug882865.html tests crypto.generateCRMFRequest, which isn't +# available if legacy crypto has been disabled. +ifndef MOZ_DISABLE_CRYPTOLEGACY +MOCHITEST_FILES += \ + test_bug882865.html \ + $(NULL) +endif + MOCHITEST_CHROME_FILES = \ test_certificate_overrides.html \ test_bug413909.html \ diff --git a/security/manager/ssl/tests/mochitest/bugs/test_bug882865.html b/security/manager/ssl/tests/mochitest/bugs/test_bug882865.html new file mode 100644 index 000000000000..f3bf9925e801 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/bugs/test_bug882865.html @@ -0,0 +1,39 @@ + + + + Test bug 882865 + + + + + + + -- 2.11.4.GIT