From 253cd4b75bdae954662f9e03e39c239fa0dd9b21 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 7 Mar 2018 10:54:59 +0100 Subject: [PATCH] Bug 1443744 - fix shadowing issues in pkix, r=keeler Differential Revision: https://phabricator.services.mozilla.com/D689 --- security/pkix/include/pkix/Input.h | 26 +++++------ security/pkix/include/pkix/Time.h | 12 +++--- security/pkix/include/pkix/pkixtypes.h | 8 ++-- security/pkix/lib/pkixbuild.cpp | 26 +++++------ security/pkix/lib/pkixcheck.cpp | 21 ++++----- security/pkix/lib/pkixder.cpp | 1 - security/pkix/lib/pkixocsp.cpp | 43 +++++++++++-------- security/pkix/lib/pkixutil.h | 10 ++--- security/pkix/moz.build | 8 ---- security/pkix/test/gtest/moz.build | 1 - security/pkix/test/gtest/pkixbuild_tests.cpp | 18 ++++---- .../pkixcert_signature_algorithm_tests.cpp | 32 +++++++------- ...kixcheck_CheckSignatureAlgorithm_tests.cpp | 8 ++-- .../pkixocsp_VerifyEncodedOCSPResponse.cpp | 6 +-- security/pkix/test/lib/pkixtestalg.cpp | 16 +++---- security/pkix/test/lib/pkixtestnss.cpp | 16 +++---- security/pkix/test/lib/pkixtestutil.cpp | 10 ++--- security/pkix/test/lib/pkixtestutil.h | 4 +- security/pkix/warnings.mozbuild | 1 - 19 files changed, 131 insertions(+), 136 deletions(-) diff --git a/security/pkix/include/pkix/Input.h b/security/pkix/include/pkix/Input.h index e09526fb490a..d3aa38649b90 100644 --- a/security/pkix/include/pkix/Input.h +++ b/security/pkix/include/pkix/Input.h @@ -66,8 +66,8 @@ public: // Input expected; // Result rv = expected.Init(EXPECTED_BYTES, sizeof EXPECTED_BYTES); template - explicit Input(const uint8_t (&data)[N]) - : data(data) + explicit Input(const uint8_t (&aData)[N]) + : data(aData) , len(N) { } @@ -84,19 +84,19 @@ public: // Initialize the input. data must be non-null and len must be less than // 65536. Init may not be called more than once. - Result Init(const uint8_t* data, size_t len) + Result Init(const uint8_t* aData, size_t aLen) { if (this->data) { // already initialized return Result::FATAL_ERROR_INVALID_ARGS; } - if (!data || len > 0xffffu) { + if (!aData || aLen > 0xffffu) { // input too large return Result::ERROR_BAD_DER; } - this->data = data; - this->len = len; + this->data = aData; + this->len = aLen; return Success; } @@ -153,19 +153,19 @@ public: { } - explicit Reader(Input input) - : input(input.UnsafeGetData()) - , end(input.UnsafeGetData() + input.GetLength()) + explicit Reader(Input aInput) + : input(aInput.UnsafeGetData()) + , end(aInput.UnsafeGetData() + aInput.GetLength()) { } - Result Init(Input input) + Result Init(Input aInput) { if (this->input) { return Result::FATAL_ERROR_INVALID_ARGS; } - this->input = input.UnsafeGetData(); - this->end = input.UnsafeGetData() + input.GetLength(); + this->input = aInput.UnsafeGetData(); + this->end = aInput.UnsafeGetData() + aInput.GetLength(); return Success; } @@ -292,7 +292,7 @@ public: Mark(const Mark&) = default; // Intentionally not explicit. private: friend class Reader; - Mark(const Reader& input, const uint8_t* mark) : input(input), mark(mark) { } + Mark(const Reader& aInput, const uint8_t* aMark) : input(aInput), mark(aMark) { } const Reader& input; const uint8_t* const mark; void operator=(const Mark&) = delete; diff --git a/security/pkix/include/pkix/Time.h b/security/pkix/include/pkix/Time.h index d96ac82ff66a..e997682b3ad7 100644 --- a/security/pkix/include/pkix/Time.h +++ b/security/pkix/include/pkix/Time.h @@ -102,8 +102,8 @@ private: // // WRONG! 1970-01-01-00:00:00 == time_t(0), but not Time(0)! // return Time(t); // } - explicit Time(uint64_t elapsedSecondsAD) - : elapsedSecondsAD(elapsedSecondsAD) + explicit Time(uint64_t aElapsedSecondsAD) + : elapsedSecondsAD(aElapsedSecondsAD) { } friend Time TimeFromElapsedSecondsAD(uint64_t); @@ -112,9 +112,9 @@ private: uint64_t elapsedSecondsAD; }; -inline Time TimeFromElapsedSecondsAD(uint64_t elapsedSecondsAD) +inline Time TimeFromElapsedSecondsAD(uint64_t aElapsedSecondsAD) { - return Time(elapsedSecondsAD); + return Time(aElapsedSecondsAD); } Time Now(); @@ -132,8 +132,8 @@ public: { } - explicit Duration(uint64_t durationInSeconds) - : durationInSeconds(durationInSeconds) + explicit Duration(uint64_t aDurationInSeconds) + : durationInSeconds(aDurationInSeconds) { } diff --git a/security/pkix/include/pkix/pkixtypes.h b/security/pkix/include/pkix/pkixtypes.h index 718832d45873..e93723f9744c 100644 --- a/security/pkix/include/pkix/pkixtypes.h +++ b/security/pkix/include/pkix/pkixtypes.h @@ -135,10 +135,10 @@ enum class AuxiliaryExtension struct CertID final { public: - CertID(Input issuer, Input issuerSubjectPublicKeyInfo, Input serialNumber) - : issuer(issuer) - , issuerSubjectPublicKeyInfo(issuerSubjectPublicKeyInfo) - , serialNumber(serialNumber) + CertID(Input aIssuer, Input aIssuerSubjectPublicKeyInfo, Input aSerialNumber) + : issuer(aIssuer) + , issuerSubjectPublicKeyInfo(aIssuerSubjectPublicKeyInfo) + , serialNumber(aSerialNumber) { } const Input issuer; diff --git a/security/pkix/lib/pkixbuild.cpp b/security/pkix/lib/pkixbuild.cpp index 0b33e3d5ae71..203f369709c4 100644 --- a/security/pkix/lib/pkixbuild.cpp +++ b/security/pkix/lib/pkixbuild.cpp @@ -46,19 +46,19 @@ TrustDomain::IssuerChecker::~IssuerChecker() { } class PathBuildingStep final : public TrustDomain::IssuerChecker { public: - PathBuildingStep(TrustDomain& trustDomain, const BackCert& subject, - Time time, KeyPurposeId requiredEKUIfPresent, - const CertPolicyId& requiredPolicy, - /*optional*/ const Input* stapledOCSPResponse, - unsigned int subCACount, Result deferredSubjectError) - : trustDomain(trustDomain) - , subject(subject) - , time(time) - , requiredEKUIfPresent(requiredEKUIfPresent) - , requiredPolicy(requiredPolicy) - , stapledOCSPResponse(stapledOCSPResponse) - , subCACount(subCACount) - , deferredSubjectError(deferredSubjectError) + PathBuildingStep(TrustDomain& aTrustDomain, const BackCert& aSubject, + Time aTime, KeyPurposeId aRequiredEKUIfPresent, + const CertPolicyId& aRequiredPolicy, + /*optional*/ const Input* aStapledOCSPResponse, + unsigned int aSubCACount, Result aDeferredSubjectError) + : trustDomain(aTrustDomain) + , subject(aSubject) + , time(aTime) + , requiredEKUIfPresent(aRequiredEKUIfPresent) + , requiredPolicy(aRequiredPolicy) + , stapledOCSPResponse(aStapledOCSPResponse) + , subCACount(aSubCACount) + , deferredSubjectError(aDeferredSubjectError) , result(Result::FATAL_ERROR_LIBRARY_FAILURE) , resultWasSet(false) { diff --git a/security/pkix/lib/pkixcheck.cpp b/security/pkix/lib/pkixcheck.cpp index 8ccf94ce3b86..7541b6ac7c48 100644 --- a/security/pkix/lib/pkixcheck.cpp +++ b/security/pkix/lib/pkixcheck.cpp @@ -339,15 +339,16 @@ CheckSubjectPublicKeyInfoContents(Reader& input, TrustDomain& trustDomain, [&trustDomain, endEntityOrCA](Reader& r) { Input modulus; Input::size_type modulusSignificantBytes; - Result rv = der::PositiveInteger(r, modulus, &modulusSignificantBytes); - if (rv != Success) { - return rv; + Result nestedRv = + der::PositiveInteger(r, modulus, &modulusSignificantBytes); + if (nestedRv != Success) { + return nestedRv; } // XXX: Should we do additional checks of the modulus? - rv = trustDomain.CheckRSAPublicKeyModulusSizeInBits( - endEntityOrCA, modulusSignificantBytes * 8u); - if (rv != Success) { - return rv; + nestedRv = trustDomain.CheckRSAPublicKeyModulusSizeInBits( + endEntityOrCA, modulusSignificantBytes * 8u); + if (nestedRv != Success) { + return nestedRv; } // XXX: We don't allow the TrustDomain to validate the exponent. @@ -652,9 +653,9 @@ CheckBasicConstraints(EndEntityOrCA endEntityOrCA, Reader input(*encodedBasicConstraints); Result rv = der::Nested(input, der::SEQUENCE, [&isCA, &pathLenConstraint](Reader& r) { - Result rv = der::OptionalBoolean(r, isCA); - if (rv != Success) { - return rv; + Result nestedRv = der::OptionalBoolean(r, isCA); + if (nestedRv != Success) { + return nestedRv; } // TODO(bug 985025): If isCA is false, pathLenConstraint // MUST NOT be included (as per RFC 5280 section diff --git a/security/pkix/lib/pkixder.cpp b/security/pkix/lib/pkixder.cpp index 0660b42b24ea..4f2647058b91 100644 --- a/security/pkix/lib/pkixder.cpp +++ b/security/pkix/lib/pkixder.cpp @@ -213,7 +213,6 @@ SignatureAlgorithmIdentifierValue(Reader& input, Result DigestAlgorithmIdentifier(Reader& input, /*out*/ DigestAlgorithm& algorithm) { - Reader r; return der::Nested(input, SEQUENCE, [&algorithm](Reader& r) -> Result { Reader algorithmID; Result rv = AlgorithmIdentifierValue(r, algorithmID); diff --git a/security/pkix/lib/pkixocsp.cpp b/security/pkix/lib/pkixocsp.cpp index 21dd807c937c..db53c01b4223 100644 --- a/security/pkix/lib/pkixocsp.cpp +++ b/security/pkix/lib/pkixocsp.cpp @@ -46,16 +46,16 @@ enum class CertStatus : uint8_t { class Context final { public: - Context(TrustDomain& trustDomain, const CertID& certID, Time time, - uint16_t maxLifetimeInDays, /*optional out*/ Time* thisUpdate, - /*optional out*/ Time* validThrough) - : trustDomain(trustDomain) - , certID(certID) - , time(time) - , maxLifetimeInDays(maxLifetimeInDays) + Context(TrustDomain& aTrustDomain, const CertID& aCertID, Time aTime, + uint16_t aMaxLifetimeInDays, /*optional out*/ Time* aThisUpdate, + /*optional out*/ Time* aValidThrough) + : trustDomain(aTrustDomain) + , certID(aCertID) + , time(aTime) + , maxLifetimeInDays(aMaxLifetimeInDays) , certStatus(CertStatus::Unknown) - , thisUpdate(thisUpdate) - , validThrough(validThrough) + , thisUpdate(aThisUpdate) + , validThrough(aValidThrough) , expired(false) , matchFound(false) { @@ -173,9 +173,13 @@ static Result ExtensionNotUnderstood(Reader& extnID, Input extnValue, static Result RememberSingleExtension(Context& context, Reader& extnID, Input extnValue, bool critical, /*out*/ bool& understood); -static inline Result CertID(Reader& input, - const Context& context, - /*out*/ bool& match); +// It is convention to name the function after the part of the data structure +// we're parsing from the RFC (e.g. OCSPResponse, ResponseBytes). +// But since we also have a C++ type called CertID, this function doesn't +// follow the convention to prevent shadowing. +static inline Result MatchCertID(Reader& input, + const Context& context, + /*out*/ bool& match); static Result MatchKeyHash(TrustDomain& trustDomain, Input issuerKeyHash, Input issuerSubjectPublicKeyInfo, @@ -438,12 +442,13 @@ BasicResponse(Reader& input, Context& context) der::SEQUENCE, [&certs](Reader& certsDER) -> Result { while (!certsDER.AtEnd()) { Input cert; - Result rv = der::ExpectTagAndGetTLV(certsDER, der::SEQUENCE, cert); - if (rv != Success) { - return rv; + Result nestedRv = + der::ExpectTagAndGetTLV(certsDER, der::SEQUENCE, cert); + if (nestedRv != Success) { + return nestedRv; } - rv = certs.Append(cert); - if (rv != Success) { + nestedRv = certs.Append(cert); + if (nestedRv != Success) { return Result::ERROR_BAD_DER; // Too many certs } } @@ -538,7 +543,7 @@ SingleResponse(Reader& input, Context& context) { bool match = false; Result rv = der::Nested(input, der::SEQUENCE, [&context, &match](Reader& r) { - return CertID(r, context, match); + return MatchCertID(r, context, match); }); if (rv != Success) { return rv; @@ -695,7 +700,7 @@ SingleResponse(Reader& input, Context& context) // issuerKeyHash OCTET STRING, -- Hash of issuer's public key // serialNumber CertificateSerialNumber } static inline Result -CertID(Reader& input, const Context& context, /*out*/ bool& match) +MatchCertID(Reader& input, const Context& context, /*out*/ bool& match) { match = false; diff --git a/security/pkix/lib/pkixutil.h b/security/pkix/lib/pkixutil.h index 31557ea81812..c22ffbefee41 100644 --- a/security/pkix/lib/pkixutil.h +++ b/security/pkix/lib/pkixutil.h @@ -42,11 +42,11 @@ class BackCert final { public: // certDER and childCert must be valid for the lifetime of BackCert. - BackCert(Input certDER, EndEntityOrCA endEntityOrCA, - const BackCert* childCert) - : der(certDER) - , endEntityOrCA(endEntityOrCA) - , childCert(childCert) + BackCert(Input aCertDER, EndEntityOrCA aEndEntityOrCA, + const BackCert* aChildCert) + : der(aCertDER) + , endEntityOrCA(aEndEntityOrCA) + , childCert(aChildCert) { } diff --git a/security/pkix/moz.build b/security/pkix/moz.build index e97bf3e14a13..ec02dcd01881 100644 --- a/security/pkix/moz.build +++ b/security/pkix/moz.build @@ -34,11 +34,3 @@ include('warnings.mozbuild') Library('mozillapkix') FINAL_LIBRARY = 'xul' - -if CONFIG['CC_TYPE'] in ('clang', 'gcc'): - CXXFLAGS += ['-Wno-error=shadow'] - -if CONFIG['CC_TYPE'] in ('msvc', 'clang-cl'): - # This is intended as a temporary hack to support building with VS2015. - # declaration of '*' hides class member - CXXFLAGS += ['-wd4458'] diff --git a/security/pkix/test/gtest/moz.build b/security/pkix/test/gtest/moz.build index b60c77354595..f425cce1f3aa 100644 --- a/security/pkix/test/gtest/moz.build +++ b/security/pkix/test/gtest/moz.build @@ -47,7 +47,6 @@ if CONFIG['CC_TYPE'] == 'gcc': # framework in a way we cannot otherwise work around. if CONFIG['CC_TYPE'] in ('clang', 'gcc'): CXXFLAGS += [ - '-Wno-error=shadow', '-Wno-old-style-cast', ] if CONFIG['CC_TYPE'] == 'clang': diff --git a/security/pkix/test/gtest/pkixbuild_tests.cpp b/security/pkix/test/gtest/pkixbuild_tests.cpp index 5948df7037a8..32422510bfea 100644 --- a/security/pkix/test/gtest/pkixbuild_tests.cpp +++ b/security/pkix/test/gtest/pkixbuild_tests.cpp @@ -255,8 +255,8 @@ TEST_F(pkixbuild, BeyondMaxAcceptableCertChainLength) class SingleRootTrustDomain : public DefaultCryptoTrustDomain { public: - explicit SingleRootTrustDomain(ByteString rootDER) - : rootDER(rootDER) + explicit SingleRootTrustDomain(ByteString aRootDER) + : rootDER(aRootDER) { } @@ -311,8 +311,8 @@ private: class ExpiredCertTrustDomain final : public SingleRootTrustDomain { public: - explicit ExpiredCertTrustDomain(ByteString rootDER) - : SingleRootTrustDomain(rootDER) + explicit ExpiredCertTrustDomain(ByteString aRootDER) + : SingleRootTrustDomain(aRootDER) { } @@ -410,9 +410,9 @@ TEST_F(pkixbuild_DSS, DSSEndEntityKeyNotAccepted) class IssuerNameCheckTrustDomain final : public DefaultCryptoTrustDomain { public: - IssuerNameCheckTrustDomain(const ByteString& issuer, bool expectedKeepGoing) - : issuer(issuer) - , expectedKeepGoing(expectedKeepGoing) + IssuerNameCheckTrustDomain(const ByteString& aIssuer, bool aExpectedKeepGoing) + : issuer(aIssuer) + , expectedKeepGoing(aExpectedKeepGoing) { } @@ -520,8 +520,8 @@ INSTANTIATE_TEST_CASE_P(pkixbuild_IssuerNameCheck, pkixbuild_IssuerNameCheck, class EmbeddedSCTListTestTrustDomain final : public SingleRootTrustDomain { public: - explicit EmbeddedSCTListTestTrustDomain(ByteString rootDER) - : SingleRootTrustDomain(rootDER) + explicit EmbeddedSCTListTestTrustDomain(ByteString aRootDER) + : SingleRootTrustDomain(aRootDER) { } diff --git a/security/pkix/test/gtest/pkixcert_signature_algorithm_tests.cpp b/security/pkix/test/gtest/pkixcert_signature_algorithm_tests.cpp index 001e84989aab..c22b5e26084f 100644 --- a/security/pkix/test/gtest/pkixcert_signature_algorithm_tests.cpp +++ b/security/pkix/test/gtest/pkixcert_signature_algorithm_tests.cpp @@ -47,14 +47,14 @@ CreateCert(const char* issuerCN, class AlgorithmTestsTrustDomain final : public DefaultCryptoTrustDomain { public: - AlgorithmTestsTrustDomain(const ByteString& rootDER, - const ByteString& rootSubjectDER, - /*optional*/ const ByteString& intDER, - /*optional*/ const ByteString& intSubjectDER) - : rootDER(rootDER) - , rootSubjectDER(rootSubjectDER) - , intDER(intDER) - , intSubjectDER(intSubjectDER) + AlgorithmTestsTrustDomain(const ByteString& aRootDER, + const ByteString& aRootSubjectDER, + /*optional*/ const ByteString& aIntDER, + /*optional*/ const ByteString& aIntSubjectDER) + : rootDER(aRootDER) + , rootSubjectDER(aRootSubjectDER) + , intDER(aIntDER) + , intSubjectDER(aIntSubjectDER) { } @@ -118,14 +118,14 @@ static const TestSignatureAlgorithm NO_INTERMEDIATE struct ChainValidity final { - ChainValidity(const TestSignatureAlgorithm& endEntitySignatureAlgorithm, - const TestSignatureAlgorithm& optionalIntSignatureAlgorithm, - const TestSignatureAlgorithm& rootSignatureAlgorithm, - bool isValid) - : endEntitySignatureAlgorithm(endEntitySignatureAlgorithm) - , optionalIntermediateSignatureAlgorithm(optionalIntSignatureAlgorithm) - , rootSignatureAlgorithm(rootSignatureAlgorithm) - , isValid(isValid) + ChainValidity(const TestSignatureAlgorithm& aEndEntitySignatureAlgorithm, + const TestSignatureAlgorithm& aOptionalIntSignatureAlgorithm, + const TestSignatureAlgorithm& aRootSignatureAlgorithm, + bool aIsValid) + : endEntitySignatureAlgorithm(aEndEntitySignatureAlgorithm) + , optionalIntermediateSignatureAlgorithm(aOptionalIntSignatureAlgorithm) + , rootSignatureAlgorithm(aRootSignatureAlgorithm) + , isValid(aIsValid) { } // In general, a certificate is generated for each of these. However, if diff --git a/security/pkix/test/gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp b/security/pkix/test/gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp index ef7f6a465cbc..9cf29896ab74 100644 --- a/security/pkix/test/gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp +++ b/security/pkix/test/gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp @@ -203,8 +203,8 @@ class pkixcheck_CheckSignatureAlgorithm_TrustDomain final { public: explicit pkixcheck_CheckSignatureAlgorithm_TrustDomain( - unsigned int publicKeySizeInBits) - : publicKeySizeInBits(publicKeySizeInBits) + unsigned int aPublicKeySizeInBits) + : publicKeySizeInBits(aPublicKeySizeInBits) , checkedDigestAlgorithm(false) , checkedModulusSizeInBits(false) { @@ -273,8 +273,8 @@ class pkixcheck_CheckSignatureAlgorithm_BuildCertChain_TrustDomain { public: explicit pkixcheck_CheckSignatureAlgorithm_BuildCertChain_TrustDomain( - const ByteString& issuer) - : issuer(issuer) + const ByteString& aIssuer) + : issuer(aIssuer) { } diff --git a/security/pkix/test/gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp b/security/pkix/test/gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp index 45d338175359..2dd5175055c5 100644 --- a/security/pkix/test/gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp +++ b/security/pkix/test/gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp @@ -977,10 +977,10 @@ public: { } - bool SetCertTrust(const ByteString& certDER, TrustLevel certTrustLevel) + bool SetCertTrust(const ByteString& aCertDER, TrustLevel aCertTrustLevel) { - this->certDER = certDER; - this->certTrustLevel = certTrustLevel; + this->certDER = aCertDER; + this->certTrustLevel = aCertTrustLevel; return true; } private: diff --git a/security/pkix/test/lib/pkixtestalg.cpp b/security/pkix/test/lib/pkixtestalg.cpp index a19fd26f31ba..d4ef88f8f0b8 100644 --- a/security/pkix/test/lib/pkixtestalg.cpp +++ b/security/pkix/test/lib/pkixtestalg.cpp @@ -137,14 +137,14 @@ static const uint8_t DSS_G_RAW[] = } // namespace TestSignatureAlgorithm::TestSignatureAlgorithm( - const TestPublicKeyAlgorithm& publicKeyAlg, - TestDigestAlgorithmID digestAlg, - const ByteString& algorithmIdentifier, - bool accepted) - : publicKeyAlg(publicKeyAlg) - , digestAlg(digestAlg) - , algorithmIdentifier(algorithmIdentifier) - , accepted(accepted) + const TestPublicKeyAlgorithm& aPublicKeyAlg, + TestDigestAlgorithmID aDigestAlg, + const ByteString& aAlgorithmIdentifier, + bool aAccepted) + : publicKeyAlg(aPublicKeyAlg) + , digestAlg(aDigestAlg) + , algorithmIdentifier(aAlgorithmIdentifier) + , accepted(aAccepted) { } diff --git a/security/pkix/test/lib/pkixtestnss.cpp b/security/pkix/test/lib/pkixtestnss.cpp index 504e0b279154..7f12700d2cce 100644 --- a/security/pkix/test/lib/pkixtestnss.cpp +++ b/security/pkix/test/lib/pkixtestnss.cpp @@ -80,15 +80,15 @@ InitReusedKeyPair() class NSSTestKeyPair final : public TestKeyPair { public: - NSSTestKeyPair(const TestPublicKeyAlgorithm& publicKeyAlg, + NSSTestKeyPair(const TestPublicKeyAlgorithm& aPublicKeyAlg, const ByteString& spk, - const ByteString& encryptedPrivateKey, - const ByteString& encryptionAlgorithm, - const ByteString& encryptionParams) - : TestKeyPair(publicKeyAlg, spk) - , encryptedPrivateKey(encryptedPrivateKey) - , encryptionAlgorithm(encryptionAlgorithm) - , encryptionParams(encryptionParams) + const ByteString& aEncryptedPrivateKey, + const ByteString& aEncryptionAlgorithm, + const ByteString& aEncryptionParams) + : TestKeyPair(aPublicKeyAlg, spk) + , encryptedPrivateKey(aEncryptedPrivateKey) + , encryptionAlgorithm(aEncryptionAlgorithm) + , encryptionParams(aEncryptionParams) { } diff --git a/security/pkix/test/lib/pkixtestutil.cpp b/security/pkix/test/lib/pkixtestutil.cpp index f7190113eda3..20b17418e12c 100644 --- a/security/pkix/test/lib/pkixtestutil.cpp +++ b/security/pkix/test/lib/pkixtestutil.cpp @@ -154,8 +154,8 @@ OCSPResponseExtension::OCSPResponseExtension() { } -OCSPResponseContext::OCSPResponseContext(const CertID& certID, time_t time) - : certID(certID) +OCSPResponseContext::OCSPResponseContext(const CertID& aCertID, time_t time) + : certID(aCertID) , responseStatus(successful) , skipResponseBytes(false) , producedAt(time) @@ -1142,11 +1142,11 @@ CertStatus(OCSPResponseContext& context) static const ByteString NO_UNUSED_BITS(1, 0x00); // The SubjectPublicKeyInfo syntax is specified in RFC 5280 Section 4.1. -TestKeyPair::TestKeyPair(const TestPublicKeyAlgorithm& publicKeyAlg, +TestKeyPair::TestKeyPair(const TestPublicKeyAlgorithm& aPublicKeyAlg, const ByteString& spk) - : publicKeyAlg(publicKeyAlg) + : publicKeyAlg(aPublicKeyAlg) , subjectPublicKeyInfo(TLV(der::SEQUENCE, - publicKeyAlg.algorithmIdentifier + + aPublicKeyAlg.algorithmIdentifier + TLV(der::BIT_STRING, NO_UNUSED_BITS + spk))) , subjectPublicKey(spk) { diff --git a/security/pkix/test/lib/pkixtestutil.h b/security/pkix/test/lib/pkixtestutil.h index f46cdbea5de5..e5da442a7d24 100644 --- a/security/pkix/test/lib/pkixtestutil.h +++ b/security/pkix/test/lib/pkixtestutil.h @@ -87,8 +87,8 @@ enum class TestDigestAlgorithmID struct TestPublicKeyAlgorithm { - explicit TestPublicKeyAlgorithm(const ByteString& algorithmIdentifier) - : algorithmIdentifier(algorithmIdentifier) { } + explicit TestPublicKeyAlgorithm(const ByteString& aAlgorithmIdentifier) + : algorithmIdentifier(aAlgorithmIdentifier) { } bool operator==(const TestPublicKeyAlgorithm& other) const { return algorithmIdentifier == other.algorithmIdentifier; diff --git a/security/pkix/warnings.mozbuild b/security/pkix/warnings.mozbuild index 338f71fd9e79..c2fa546974c9 100644 --- a/security/pkix/warnings.mozbuild +++ b/security/pkix/warnings.mozbuild @@ -8,7 +8,6 @@ if CONFIG['CC_TYPE'] == 'clang': '-Wno-missing-variable-declarations', '-Wno-padded', '-Wno-reserved-id-macro', # NSPR and NSS use reserved IDs in their include guards. - '-Wno-shadow', # XXX: Clang's rules are too strict for constructors. '-Wno-weak-vtables', # We rely on the linker to merge the duplicate vtables. ] elif CONFIG['CC_TYPE'] in ('msvc', 'clang-cl'):