Bug 1271501 - Use mozilla::BitwiseCast instead of reinterpret_cast in PSM. r=keeler

mozilla::BitwiseCast does the same thing, but provides static asserts that
mitigate some of the risk of using reinterpret_cast.

MozReview-Commit-ID: ENQ8QC6Nl9o

--HG--
extra : rebase_source : c1725c8363c0f7f9877601de5ab5f152ef4d0439

security/apps/AppSignatureVerification.cpp

@@ -12,6 +12,7 @@
 #include "ScopedNSSTypes.h"
 #include "base64.h"
 #include "certdb.h"
+#include "mozilla/Casting.h"
 #include "mozilla/Logging.h"
 #include "mozilla/RefPtr.h"
 #include "mozilla/UniquePtr.h"
@@ -916,7 +917,7 @@ VerifySignedManifest(AppTrustedRoot aTrustedRoot,
   // Calculate SHA1 digest of the base64 encoded string
   Digest doubleDigest;
   rv = doubleDigest.DigestBuf(SEC_OID_SHA1,
-                              reinterpret_cast<uint8_t*>(base64EncDigest.get()),
+                              BitwiseCast<uint8_t*, char*>(base64EncDigest.get()),
                               strlen(base64EncDigest.get()));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;

security/apps/AppTrustDomain.cpp

@@ -5,17 +5,18 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "AppTrustDomain.h"
-#include "certdb.h"
-#include "pkix/pkixnss.h"
-#include "mozilla/ArrayUtils.h"
 #include "MainThreadUtils.h"
+#include "certdb.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Casting.h"
 #include "mozilla/Preferences.h"
 #include "nsComponentManagerUtils.h"
 #include "nsIFile.h"
 #include "nsIFileStreams.h"
 #include "nsIX509CertDB.h"
-#include "nsNetUtil.h"
 #include "nsNSSCertificate.h"
+#include "nsNetUtil.h"
+#include "pkix/pkixnss.h"
 #include "prerror.h"
 #include "secerr.h"
 
@@ -152,7 +153,8 @@ AppTrustDomain::SetTrustedRoot(AppTrustedRoot trustedRoot)
         }
 
         MOZ_ASSERT(length == sDevImportedDERLen);
-        sDevImportedDERData.reset(reinterpret_cast<unsigned char*>(data.release()));
+        sDevImportedDERData.reset(
+          BitwiseCast<unsigned char*, char*>(data.release()));
       }
 
       trustedDER.data = sDevImportedDERData.get();

security/certverifier/NSSCertDBTrustDomain.cpp

@@ -15,6 +15,7 @@
 #include "PublicKeyPinningService.h"
 #include "cert.h"
 #include "certdb.h"
+#include "mozilla/Casting.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/unused.h"
 #include "nsNSSCertificate.h"
@@ -778,7 +779,7 @@ NSSCertDBTrustDomain::IsChainValid(const DERArray& certArray, Time time)
       return Result::FATAL_ERROR_LIBRARY_FAILURE;
     }
     const uint8_t* certHash(
-      reinterpret_cast<const uint8_t*>(digest.get().data));
+      BitwiseCast<uint8_t*, unsigned char*>(digest.get().data));
     size_t certHashLen = digest.get().len;
     size_t unused;
     if (!mozilla::BinarySearchIf(WhitelistedCNNICHashes, 0,

security/certverifier/OCSPRequestor.cpp

@@ -10,6 +10,7 @@
 
 #include "ScopedNSSTypes.h"
 #include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
 #include "nsIURLParser.h"
 #include "nsNSSCallbacks.h"
 #include "nsNetCID.h"
@@ -49,7 +50,8 @@ AppendEscapedBase64Item(const SECItem* encodedRequest, nsACString& path)
 {
   nsresult rv;
   nsDependentCSubstring requestAsSubstring(
-    reinterpret_cast<const char*>(encodedRequest->data), encodedRequest->len);
+    BitwiseCast<char*, unsigned char*>(encodedRequest->data),
+    encodedRequest->len);
   nsCString base64Request;
   rv = Base64Encode(requestAsSubstring, base64Request);
   if (NS_WARN_IF(NS_FAILED(rv))) {
@@ -180,7 +182,8 @@ DoOCSPRequest(const UniquePLArenaPool& arena, const char* url,
 
   if (!useGET) {
     rv = nsNSSHttpInterface::setPostDataFcn(
-      requestSession.get(), reinterpret_cast<char*>(encodedRequest->data),
+      requestSession.get(),
+      BitwiseCast<char*, unsigned char*>(encodedRequest->data),
       encodedRequest->len, "application/ocsp-request");
     if (rv != Success) {
       return rv;

security/manager/ssl/CertBlocklist.cpp

@@ -5,7 +5,10 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "CertBlocklist.h"
+
 #include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/unused.h"
 #include "nsAppDirectoryServiceDefs.h"
@@ -21,7 +24,6 @@
 #include "nsTHashtable.h"
 #include "nsThreadUtils.h"
 #include "pkix/Input.h"
-#include "mozilla/Logging.h"
 #include "prtime.h"
 
 NS_IMPL_ISUPPORTS(CertBlocklist, nsICertBlocklist)
@@ -82,9 +84,9 @@ CertBlocklistItem::~CertBlocklistItem()
 nsresult
 CertBlocklistItem::ToBase64(nsACString& b64DNOut, nsACString& b64OtherOut)
 {
-  nsDependentCSubstring DNString(reinterpret_cast<char*>(mDNData),
+  nsDependentCSubstring DNString(BitwiseCast<char*, uint8_t*>(mDNData),
                                  mDNLength);
-  nsDependentCSubstring otherString(reinterpret_cast<char*>(mOtherData),
+  nsDependentCSubstring otherString(BitwiseCast<char*, uint8_t*>(mOtherData),
                                     mOtherLength);
   nsresult rv = Base64Encode(DNString, b64DNOut);
   if (NS_FAILED(rv)) {
@@ -344,25 +346,24 @@ CertBlocklist::AddRevokedCertInternal(const nsACString& aEncodedDN,
                                       CertBlocklistItemState aItemState,
                                       MutexAutoLock& /*proofOfLock*/)
 {
-    nsCString decodedDN;
-    nsCString decodedOther;
-
-    nsresult rv = Base64Decode(aEncodedDN, decodedDN);
-    if (NS_FAILED(rv)) {
-      return rv;
-    }
-    rv = Base64Decode(aEncodedOther, decodedOther);
-    if (NS_FAILED(rv)) {
-      return rv;
-    }
-
-    CertBlocklistItem item(reinterpret_cast<const uint8_t*>(decodedDN.get()),
-                           decodedDN.Length(),
-                           reinterpret_cast<const uint8_t*>(decodedOther.get()),
-                           decodedOther.Length(),
-                           aMechanism);
+  nsCString decodedDN;
+  nsCString decodedOther;
 
+  nsresult rv = Base64Decode(aEncodedDN, decodedDN);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Base64Decode(aEncodedOther, decodedOther);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
 
+  CertBlocklistItem item(
+    BitwiseCast<const uint8_t*, const char*>(decodedDN.get()),
+    decodedDN.Length(),
+    BitwiseCast<const uint8_t*, const char*>(decodedOther.get()),
+    decodedOther.Length(),
+    aMechanism);
 
   if (aItemState == CertNewFromBlocklist) {
     // We want SaveEntries to be a no-op if no new entries are added.
@@ -596,11 +597,12 @@ CertBlocklist::IsCertRevoked(const uint8_t* aIssuer,
     return rv;
   }
 
-  CertBlocklistItem subjectPubKey(aSubject,
-                                  static_cast<size_t>(aSubjectLength),
-                                  reinterpret_cast<const uint8_t*>(hashString.get()),
-                                  hashString.Length(),
-                                  BlockBySubjectAndPubKey);
+  CertBlocklistItem subjectPubKey(
+    aSubject,
+    static_cast<size_t>(aSubjectLength),
+    BitwiseCast<const uint8_t*, const char*>(hashString.get()),
+    hashString.Length(),
+    BlockBySubjectAndPubKey);
 
   rv = subjectPubKey.ToBase64(encDN, encOther);
   if (NS_FAILED(rv)) {

security/manager/ssl/ContentSignatureVerifier.cpp

@@ -7,18 +7,19 @@
 #include "ContentSignatureVerifier.h"
 
 #include "BRNameMatchingPolicy.h"
+#include "SharedCertVerifier.h"
 #include "cryptohi.h"
 #include "keyhi.h"
+#include "mozilla/Casting.h"
 #include "nsCOMPtr.h"
 #include "nsNSSComponent.h"
-#include "nssb64.h"
+#include "nsSecurityHeaderParser.h"
 #include "nsWhitespaceTokenizer.h"
 #include "nsXPCOMStrings.h"
+#include "nssb64.h"
 #include "pkix/pkix.h"
 #include "pkix/pkixtypes.h"
 #include "secerr.h"
-#include "SharedCertVerifier.h"
-#include "nsSecurityHeaderParser.h"
 
 NS_IMPL_ISUPPORTS(ContentSignatureVerifier, nsIContentSignatureVerifier)
 
@@ -165,7 +166,7 @@ ContentSignatureVerifier::CreateContext(const nsACString& aData,
 
   Input certDER;
   Result result =
-    certDER.Init(reinterpret_cast<const uint8_t*>(certSecItem->data),
+    certDER.Init(BitwiseCast<uint8_t*, unsigned char*>(certSecItem->data),
                  certSecItem->len);
   if (result != Success) {
     return NS_ERROR_FAILURE;

security/manager/ssl/LocalCertService.cpp

@@ -4,10 +4,12 @@
 
 #include "LocalCertService.h"
 
+#include "CryptoTask.h"
+#include "ScopedNSSTypes.h"
+#include "cert.h"
+#include "mozilla/Casting.h"
 #include "mozilla/ModuleUtils.h"
 #include "mozilla/RefPtr.h"
-#include "cert.h"
-#include "CryptoTask.h"
 #include "nsIPK11Token.h"
 #include "nsIPK11TokenDB.h"
 #include "nsIX509Cert.h"
@@ -18,7 +20,6 @@
 #include "nsServiceManagerUtils.h"
 #include "nsString.h"
 #include "pk11pub.h"
-#include "ScopedNSSTypes.h"
 
 namespace mozilla {
 
@@ -181,10 +182,9 @@ private:
     // Generate random serial
     unsigned long serial;
     // This serial in principle could collide, but it's unlikely
-    rv = MapSECStatus(
-           PK11_GenerateRandomOnSlot(slot.get(),
-                                     reinterpret_cast<unsigned char *>(&serial),
-                                     sizeof(serial)));
+    rv = MapSECStatus(PK11_GenerateRandomOnSlot(
+           slot.get(), BitwiseCast<unsigned char*, unsigned long*>(&serial),
+           sizeof(serial)));
     if (NS_FAILED(rv)) {
       return rv;
     }

security/manager/ssl/PSMContentListener.cpp

@@ -182,17 +182,20 @@ PSMContentStreamListener::ImportCertificate()
 
   switch (mType) {
   case X509_CA_CERT:
-    certdb->ImportCertificates(reinterpret_cast<uint8_t*>(mByteData.BeginWriting()),
+    certdb->ImportCertificates(BitwiseCast<uint8_t*, char*>(
+                                 mByteData.BeginWriting()),
                                mByteData.Length(), mType, ctx);
     break;
 
   case X509_USER_CERT:
-    certdb->ImportUserCertificate(reinterpret_cast<uint8_t*>(mByteData.BeginWriting()),
+    certdb->ImportUserCertificate(BitwiseCast<uint8_t*, char*>(
+                                    mByteData.BeginWriting()),
                                   mByteData.Length(), ctx);
     break;
 
   case X509_EMAIL_CERT:
-    certdb->ImportEmailCertificate(reinterpret_cast<uint8_t*>(mByteData.BeginWriting()),
+    certdb->ImportEmailCertificate(BitwiseCast<uint8_t*, char*>(
+                                     mByteData.BeginWriting()),
                                    mByteData.Length(), ctx);
     break;
 

security/manager/ssl/PublicKeyPinningService.cpp

@@ -4,15 +4,16 @@
 
 #include "PublicKeyPinningService.h"
 
+#include "RootCertificateTelemetryUtils.h"
 #include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
 #include "mozilla/Telemetry.h"
 #include "nsISiteSecurityService.h"
 #include "nsServiceManagerUtils.h"
 #include "nsSiteSecurityService.h"
 #include "nssb64.h"
 #include "pkix/pkixtypes.h"
-#include "mozilla/Logging.h"
-#include "RootCertificateTelemetryUtils.h"
 #include "seccomon.h"
 #include "sechash.h"
 
@@ -39,7 +40,7 @@ GetBase64HashSPKI(const CERTCertificate* cert, nsACString& hashSPKIDigest)
     return rv;
   }
   return Base64Encode(nsDependentCSubstring(
-                        reinterpret_cast<const char*>(digest.get().data),
+                        BitwiseCast<char*, unsigned char*>(digest.get().data),
                         digest.get().len),
                       hashSPKIDigest);
 }

security/manager/ssl/SSLServerCertVerification.cpp

@@ -107,6 +107,7 @@
 #include "SharedSSLState.h"
 #include "cert.h"
 #include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
 #include "mozilla/Mutex.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/UniquePtr.h"
@@ -963,7 +964,8 @@ GatherBaselineRequirementsTelemetry(const UniqueCERTCertList& certList)
   do {
     nsAutoCString altName;
     if (currentName->type == certDNSName) {
-      altName.Assign(reinterpret_cast<char*>(currentName->name.other.data),
+      altName.Assign(BitwiseCast<char*, unsigned char*>(
+                       currentName->name.other.data),
                      currentName->name.other.len);
       nsDependentCString altNameWithoutWildcard(altName, 0);
       if (StringBeginsWith(altNameWithoutWildcard, NS_LITERAL_CSTRING("*."))) {

security/manager/ssl/ScopedNSSTypes.h

@@ -16,6 +16,7 @@
 #include "cms.h"
 #include "cryptohi.h"
 #include "keyhi.h"
+#include "mozilla/Casting.h"
 #include "mozilla/Likely.h"
 #include "mozilla/Scoped.h"
 #include "mozilla/UniquePtr.h"
@@ -37,21 +38,23 @@
 
 namespace mozilla {
 
+// Deprecated: Use something like |mozilla::BitwiseCast<char*, uint8_t*>(p)|
+//             instead.
 // It is very common to cast between char* and uint8_t* when doing crypto stuff.
 // Here, we provide more type-safe wrappers around reinterpret_cast so you don't
 // shoot yourself in the foot by reinterpret_casting completely unrelated types.
 
-inline char *
-char_ptr_cast(uint8_t * p) { return reinterpret_cast<char *>(p); }
+inline char*
+char_ptr_cast(uint8_t* p) { return BitwiseCast<char*>(p); }
 
-inline const char *
-char_ptr_cast(const uint8_t * p) { return reinterpret_cast<const char *>(p); }
+inline const char*
+char_ptr_cast(const uint8_t* p) { return BitwiseCast<const char*>(p); }
 
-inline uint8_t *
-uint8_t_ptr_cast(char * p) { return reinterpret_cast<uint8_t*>(p); }
+inline uint8_t*
+uint8_t_ptr_cast(char* p) { return BitwiseCast<uint8_t*>(p); }
 
-inline const uint8_t *
-uint8_t_ptr_cast(const char * p) { return reinterpret_cast<const uint8_t*>(p); }
+inline const uint8_t*
+uint8_t_ptr_cast(const char* p) { return BitwiseCast<const uint8_t*>(p); }
 
 // NSPR APIs use PRStatus/PR_GetError and NSS APIs use SECStatus/PR_GetError to
 // report success/failure. This function makes it more convenient and *safer*

security/manager/ssl/TransportSecurityInfo.cpp

@@ -6,28 +6,28 @@
 
 #include "TransportSecurityInfo.h"
 
-#include "pkix/pkixtypes.h"
-#include "nsNSSComponent.h"
-#include "nsIWebProgressListener.h"
-#include "nsNSSCertificate.h"
-#include "nsIX509CertValidity.h"
-#include "nsIDateTimeFormat.h"
+#include "PSMRunnable.h"
+#include "mozilla/Casting.h"
+#include "nsComponentManagerUtils.h"
+#include "nsIArray.h"
 #include "nsICertOverrideService.h"
+#include "nsIDateTimeFormat.h"
 #include "nsIObjectInputStream.h"
 #include "nsIObjectOutputStream.h"
+#include "nsIWebProgressListener.h"
+#include "nsIX509CertValidity.h"
 #include "nsNSSCertHelper.h"
-#include "nsIArray.h"
-#include "nsComponentManagerUtils.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
 #include "nsReadableUtils.h"
 #include "nsServiceManagerUtils.h"
 #include "nsXULAppAPI.h"
-#include "PSMRunnable.h"
-
+#include "pkix/pkixtypes.h"
 #include "secerr.h"
 
 //#define DEBUG_SSL_VERBOSE //Enable this define to get minimal 
                             //reports when doing SSL read/write
-                            
+
 //#define DUMP_BUFFER  //Enable this define along with
                        //DEBUG_SSL_VERBOSE to dump SSL
                        //read/write buffer to a log.
@@ -421,7 +421,7 @@ TransportSecurityInfo::Read(nsIObjectInputStream* stream)
   if (NS_FAILED(rv)) {
     return rv;
   }
-  mSSLStatus = reinterpret_cast<nsSSLStatus*>(supports.get());
+  mSSLStatus = BitwiseCast<nsSSLStatus*, nsISupports*>(supports.get());
 
   nsCOMPtr<nsISupports> failedCertChainSupports;
   rv = NS_ReadOptionalObject(stream, true, getter_AddRefs(failedCertChainSupports));
@@ -650,9 +650,9 @@ GetSubjectAltNames(CERTCertificate* nssCert, nsString& allNames)
     switch (current->type) {
       case certDNSName:
         {
-          nsDependentCSubstring nameFromCert(reinterpret_cast<char*>
-                                              (current->name.other.data),
-                                              current->name.other.len);
+          nsDependentCSubstring nameFromCert(BitwiseCast<char*, unsigned char*>(
+                                               current->name.other.data),
+                                             current->name.other.len);
           // dNSName fields are defined as type IA5String and thus should
           // be limited to ASCII characters.
           if (IsASCII(nameFromCert)) {

security/manager/ssl/nsDataSignatureVerifier.cpp

@@ -7,6 +7,7 @@
 #include "cms.h"
 #include "cryptohi.h"
 #include "keyhi.h"
+#include "mozilla/Casting.h"
 #include "mozilla/unused.h"
 #include "nsCOMPtr.h"
 #include "nsNSSComponent.h"
@@ -108,7 +109,8 @@ nsDataSignatureVerifier::VerifyData(const nsACString& aData,
   // Perform the final verification
   DER_ConvertBitString(&(sigData.signature));
   srv = VFY_VerifyDataWithAlgorithmID(
-    reinterpret_cast<const unsigned char*>(PromiseFlatCString(aData).get()),
+    BitwiseCast<const unsigned char*, const char*>(
+      PromiseFlatCString(aData).get()),
     aData.Length(), publicKey.get(), &(sigData.signature),
     &(sigData.signatureAlgorithm), nullptr, nullptr);
 
@@ -292,7 +294,7 @@ nsDataSignatureVerifier::VerifySignature(const char* aRSABuf,
 
   SECItem buffer = {
     siBuffer,
-    reinterpret_cast<uint8_t*>(const_cast<char*>(aRSABuf)),
+    BitwiseCast<unsigned char*, const char*>(aRSABuf),
     aRSABufLen
   };
 

security/manager/ssl/nsNSSCallbacks.cpp

@@ -6,6 +6,8 @@
 
 #include "nsNSSCallbacks.h"
 
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Casting.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/TimeStamp.h"
 #include "nsContentUtils.h"
@@ -861,17 +863,18 @@ PreliminaryHandshakeDone(PRFileDesc* fd)
   unsigned char npnbuf[256];
   unsigned int npnlen;
 
-  if (SSL_GetNextProto(fd, &state, npnbuf, &npnlen, 256) == SECSuccess) {
+  if (SSL_GetNextProto(fd, &state, npnbuf, &npnlen,
+                       AssertedCast<unsigned int>(ArrayLength(npnbuf)))
+        == SECSuccess) {
     if (state == SSL_NEXT_PROTO_NEGOTIATED ||
         state == SSL_NEXT_PROTO_SELECTED) {
-      infoObject->SetNegotiatedNPN(reinterpret_cast<char *>(npnbuf), npnlen);
-    }
-    else {
+      infoObject->SetNegotiatedNPN(BitwiseCast<char*, unsigned char*>(npnbuf),
+                                   npnlen);
+    } else {
       infoObject->SetNegotiatedNPN(nullptr, 0);
     }
     mozilla::Telemetry::Accumulate(Telemetry::SSL_NPN_TYPE, state);
-  }
-  else {
+  } else {
     infoObject->SetNegotiatedNPN(nullptr, 0);
   }
 

security/manager/ssl/nsNSSCertHelper.cpp

@@ -6,6 +6,7 @@
 
 #include <algorithm>
 
+#include "mozilla/Casting.h"
 #include "mozilla/Snprintf.h"
 #include "mozilla/UniquePtr.h"
 #include "nsCOMPtr.h"
@@ -100,7 +101,7 @@ ProcessVersion(SECItem* versionItem, nsINSSComponent* nssComponent,
     if (versionItem->len != 1) {
       return NS_ERROR_FAILURE;
     }
-    version = *reinterpret_cast<const uint8_t*>(versionItem->data);
+    version = *BitwiseCast<uint8_t*, unsigned char*>(versionItem->data);
   } else {
     // If there is no version present in the cert, then RFC 5280 says we
     // default to v1 (0).

security/manager/ssl/nsNSSCertificate.cpp

@@ -10,6 +10,7 @@
 #include "NSSCertDBTrustDomain.h"
 #include "certdb.h"
 #include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
 #include "mozilla/unused.h"
 #include "nsArray.h"
 #include "nsCOMPtr.h"
@@ -532,12 +533,14 @@ nsNSSCertificate::GetDbKey(const UniqueCERTCertificate& cert, nsACString& aDbKey
   const char leadingZeroes[] = {0, 0, 0, 0, 0, 0, 0, 0};
   buf.Append(leadingZeroes, sizeof(leadingZeroes));
   uint32_t serialNumberLen = htonl(cert->serialNumber.len);
-  buf.Append(reinterpret_cast<const char*>(&serialNumberLen), sizeof(uint32_t));
+  buf.Append(BitwiseCast<const char*, const uint32_t*>(&serialNumberLen),
+             sizeof(uint32_t));
   uint32_t issuerLen = htonl(cert->derIssuer.len);
-  buf.Append(reinterpret_cast<const char*>(&issuerLen), sizeof(uint32_t));
-  buf.Append(reinterpret_cast<const char*>(cert->serialNumber.data),
+  buf.Append(BitwiseCast<const char*, const uint32_t*>(&issuerLen),
+             sizeof(uint32_t));
+  buf.Append(BitwiseCast<char*, unsigned char*>(cert->serialNumber.data),
              cert->serialNumber.len);
-  buf.Append(reinterpret_cast<const char*>(cert->derIssuer.data),
+  buf.Append(BitwiseCast<char*, unsigned char*>(cert->derIssuer.data),
              cert->derIssuer.len);
 
   return Base64Encode(buf, aDbKey);
@@ -1101,7 +1104,7 @@ nsNSSCertificate::GetSha256SubjectPublicKeyInfoDigest(nsACString& aSha256SPKIDig
     return rv;
   }
   rv = Base64Encode(nsDependentCSubstring(
-                      reinterpret_cast<const char*> (digest.get().data),
+                      BitwiseCast<char*, unsigned char*>(digest.get().data),
                       digest.get().len),
                     aSha256SPKIDigest);
   if (NS_WARN_IF(NS_FAILED(rv))) {

security/manager/ssl/nsNSSCertificateDB.cpp

@@ -9,6 +9,7 @@
 #include "NSSCertDBTrustDomain.h"
 #include "SharedSSLState.h"
 #include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
 #include "mozilla/unused.h"
 #include "nsArray.h"
 #include "nsArrayUtils.h"
@@ -179,24 +180,28 @@ nsNSSCertificateDB::FindCertByDBKey(const char* aDBKey,
     return NS_ERROR_ILLEGAL_INPUT;
   }
   const char* reader = decoded.BeginReading();
-  uint64_t zeroes = *reinterpret_cast<const uint64_t*>(reader);
+  uint64_t zeroes = *BitwiseCast<const uint64_t*, const char*>(reader);
   if (zeroes != 0) {
     return NS_ERROR_ILLEGAL_INPUT;
   }
   reader += sizeof(uint64_t);
-  uint32_t serialNumberLen = ntohl(*reinterpret_cast<const uint32_t*>(reader));
+  // Note: We surround the ntohl() argument with parentheses to stop the macro
+  //       from thinking two arguments were passed.
+  uint32_t serialNumberLen = ntohl(
+    (*BitwiseCast<const uint32_t*, const char*>(reader)));
   reader += sizeof(uint32_t);
-  uint32_t issuerLen = ntohl(*reinterpret_cast<const uint32_t*>(reader));
+  uint32_t issuerLen = ntohl(
+    (*BitwiseCast<const uint32_t*, const char*>(reader)));
   reader += sizeof(uint32_t);
   if (decoded.Length() != 16ULL + serialNumberLen + issuerLen) {
     return NS_ERROR_ILLEGAL_INPUT;
   }
   CERTIssuerAndSN issuerSN;
   issuerSN.serialNumber.len = serialNumberLen;
-  issuerSN.serialNumber.data = (unsigned char*)reader;
+  issuerSN.serialNumber.data = BitwiseCast<unsigned char*, const char*>(reader);
   reader += serialNumberLen;
   issuerSN.derIssuer.len = issuerLen;
-  issuerSN.derIssuer.data = (unsigned char*)reader;
+  issuerSN.derIssuer.data = BitwiseCast<unsigned char*, const char*>(reader);
   reader += issuerLen;
   MOZ_ASSERT(reader == decoded.EndReading());
 
@@ -464,9 +469,8 @@ nsNSSCertificateDB::ImportCertificates(uint8_t* data, uint32_t length,
   // Now let's create some certs to work with
   for (int i = 0; i < certCollection->numcerts; i++) {
     SECItem* currItem = &certCollection->rawCerts[i];
-    nsCOMPtr<nsIX509Cert> cert =
-      nsNSSCertificate::ConstructFromDER(reinterpret_cast<char*>(currItem->data),
-                                         currItem->len);
+    nsCOMPtr<nsIX509Cert> cert = nsNSSCertificate::ConstructFromDER(
+      BitwiseCast<char*, unsigned char*>(currItem->data), currItem->len);
     if (!cert) {
       return NS_ERROR_FAILURE;
     }

security/manager/ssl/nsNSSComponent.cpp

@@ -12,6 +12,7 @@
 #include "SharedSSLState.h"
 #include "cert.h"
 #include "certdb.h"
+#include "mozilla/Casting.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/PublicSSL.h"
 #include "mozilla/Services.h"
@@ -440,7 +441,7 @@ GetUserSid(nsAString& sidString)
     return false;
   }
   char sid_buffer[SECURITY_MAX_SID_SIZE];
-  SID* sid = reinterpret_cast<SID*>(sid_buffer);
+  SID* sid = BitwiseCast<SID*, char*>(sid_buffer);
   DWORD cbSid = MOZ_ARRAY_LENGTH(sid_buffer);
   SID_NAME_USE eUse;
   // There doesn't appear to be a defined maximum length for the domain name

security/manager/ssl/nsNSSIOLayer.cpp

@@ -465,7 +465,7 @@ nsNSSSocketInfo::SetNPNList(nsTArray<nsCString>& protocolArray)
 
   if (SSL_SetNextProtoNego(
         mFd,
-        reinterpret_cast<const unsigned char*>(npnList.get()),
+        BitwiseCast<const unsigned char*, const char*>(npnList.get()),
         npnList.Length()) != SECSuccess)
     return NS_ERROR_FAILURE;
 
@@ -2043,7 +2043,7 @@ nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
   }
 
   RefPtr<nsNSSSocketInfo> info(
-    reinterpret_cast<nsNSSSocketInfo*>(socket->higher->secret));
+    BitwiseCast<nsNSSSocketInfo*, PRFilePrivate*>(socket->higher->secret));
 
   UniqueCERTCertificate serverCert(SSL_PeerCertificate(socket));
   if (!serverCert) {
@@ -2240,7 +2240,7 @@ ClientAuthDataRunnable::RunOnTargetThread()
             getter_AddRefs(found_cert));
           if (NS_SUCCEEDED(find_rv) && found_cert) {
             nsNSSCertificate* obj_cert =
-              reinterpret_cast<nsNSSCertificate*>(found_cert.get());
+              BitwiseCast<nsNSSCertificate*, nsIX509Cert*>(found_cert.get());
             if (obj_cert) {
               cert.reset(obj_cert->GetCert());
             }

security/manager/ssl/nsNSSShutDown.cpp

@@ -2,6 +2,7 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include "mozilla/Casting.h"
 #include "nsNSSShutDown.h"
 #include "nsCOMPtr.h"
 
@@ -114,8 +115,8 @@ nsresult nsNSSShutDownList::doPK11Logout()
        !iter.Done();
        iter.Next()) {
     auto entry = static_cast<ObjectHashEntry*>(iter.Get());
-    nsOnPK11LogoutCancelObject *pklco =
-      reinterpret_cast<nsOnPK11LogoutCancelObject*>(entry->obj);
+    nsOnPK11LogoutCancelObject* pklco =
+      BitwiseCast<nsOnPK11LogoutCancelObject*, nsNSSShutDownObject*>(entry->obj);
     if (pklco) {
       pklco->logout();
     }

security/manager/ssl/nsNSSU2FToken.cpp

@@ -7,6 +7,7 @@
 #include "nsNSSU2FToken.h"
 
 #include "CryptoBuffer.h"
+#include "mozilla/Casting.h"
 #include "nsNSSComponent.h"
 #include "pk11pub.h"
 #include "prerror.h"
@@ -245,7 +246,8 @@ GetAttestationCertificate(const UniquePK11SlotInfo& aSlot,
   }
 
   unsigned long serial;
-  unsigned char* serialBytes = reinterpret_cast<unsigned char *>(&serial);
+  unsigned char* serialBytes =
+    mozilla::BitwiseCast<unsigned char*, unsigned long*>(&serial);
   SECStatus srv = PK11_GenerateRandomOnSlot(aSlot.get(), serialBytes,
                                             sizeof(serial));
   if (srv != SECSuccess) {

security/manager/ssl/nsNTLMAuthModule.cpp

@@ -9,6 +9,7 @@
 
 #include "ScopedNSSTypes.h"
 #include "md4.h"
+#include "mozilla/Casting.h"
 #include "mozilla/CheckedInt.h"
 #include "mozilla/Endian.h"
 #include "mozilla/Likely.h"
@@ -494,7 +495,8 @@ ParseType2Msg(const void *inBuf, uint32_t inLen, Type2Msg *msg)
 
   LOG(("NTLM type 2 message:\n"));
   LogBuf("target", msg->target, msg->targetLen);
-  LogBuf("flags", reinterpret_cast<const uint8_t*> (&msg->flags), 4);
+  LogBuf("flags",
+         mozilla::BitwiseCast<const uint8_t*, const uint32_t*>(&msg->flags), 4);
   LogFlags(msg->flags);
   LogBuf("challenge", msg->challenge, sizeof(msg->challenge));
 
@@ -688,7 +690,8 @@ GenerateType3Msg(const nsString &domain,
 #endif
 
     NTLM_Hash(password, ntlmHash);
-    ntlmHashStr = nsAutoCString(reinterpret_cast<const char *>(ntlmHash), NTLM_HASH_LEN);
+    ntlmHashStr = nsAutoCString(
+      mozilla::BitwiseCast<const char*, const uint8_t*>(ntlmHash), NTLM_HASH_LEN);
 
     nsCOMPtr<nsIKeyObjectFactory> keyFactory =
         do_CreateInstance(NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &rv);
@@ -817,7 +820,6 @@ GenerateType3Msg(const nsString &domain,
   } else if (msg.flags & NTLM_NegotiateNTLM2Key) {
     // compute NTLM2 session response
     nsCString sessionHashString;
-    const uint8_t *sessionHash;
 
     PK11_GenerateRandom(lmResp, NTLM_CHAL_LEN);
     memset(lmResp + NTLM_CHAL_LEN, 0, LM_RESP_LEN - NTLM_CHAL_LEN);
@@ -844,7 +846,8 @@ GenerateType3Msg(const nsString &domain,
       return rv;
     }
 
-    sessionHash = reinterpret_cast<const uint8_t*> (sessionHashString.get());
+    auto sessionHash = mozilla::BitwiseCast<const uint8_t*, const char*>(
+      sessionHashString.get());
 
     LogBuf("NTLM2 effective key: ", sessionHash, 8);
 

security/manager/ssl/nsPK11TokenDB.cpp

@@ -5,6 +5,7 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "nsPK11TokenDB.h"
 
+#include "mozilla/Casting.h"
 #include "mozilla/unused.h"
 #include "nsIMutableArray.h"
 #include "nsISupports.h"
@@ -46,7 +47,7 @@ nsPK11Token::refreshTokenInfo(const nsNSSShutDownPreventionLock& /*proofOfLock*/
   }
 
   // Set the Label field
-  const char* ccLabel = reinterpret_cast<const char*>(tokInfo.label);
+  const char* ccLabel = mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(tokInfo.label);
   const nsACString& cLabel = Substring(
     ccLabel,
     ccLabel + PL_strnlen(ccLabel, sizeof(tokInfo.label)));
@@ -54,7 +55,8 @@ nsPK11Token::refreshTokenInfo(const nsNSSShutDownPreventionLock& /*proofOfLock*/
   mTokenLabel.Trim(" ", false, true);
 
   // Set the Manufacturer field
-  const char* ccManID = reinterpret_cast<const char*>(tokInfo.manufacturerID);
+  const char* ccManID =
+    mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(tokInfo.manufacturerID);
   const nsACString& cManID = Substring(
     ccManID,
     ccManID + PL_strnlen(ccManID, sizeof(tokInfo.manufacturerID)));
@@ -72,7 +74,8 @@ nsPK11Token::refreshTokenInfo(const nsNSSShutDownPreventionLock& /*proofOfLock*/
   mTokenFWVersion.AppendInt(tokInfo.firmwareVersion.minor);
 
   // Set the Serial Number field
-  const char* ccSerial = reinterpret_cast<const char*>(tokInfo.serialNumber);
+  const char* ccSerial =
+    mozilla::BitwiseCast<char*, CK_CHAR*>(tokInfo.serialNumber);
   const nsACString& cSerial = Substring(
     ccSerial,
     ccSerial + PL_strnlen(ccSerial, sizeof(tokInfo.serialNumber)));

security/manager/ssl/nsPKCS11Slot.cpp

@@ -4,6 +4,7 @@
 
 #include "nsPKCS11Slot.h"
 
+#include "mozilla/Casting.h"
 #include "mozilla/Logging.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/unused.h"
@@ -41,7 +42,8 @@ nsPKCS11Slot::refreshSlotInfo(const nsNSSShutDownPreventionLock& /*proofOfLock*/
   }
 
   // Set the Description field
-  const char* ccDesc = reinterpret_cast<const char*>(slotInfo.slotDescription);
+  const char* ccDesc =
+    mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(slotInfo.slotDescription);
   const nsACString& cDesc = Substring(
     ccDesc,
     ccDesc + PL_strnlen(ccDesc, sizeof(slotInfo.slotDescription)));
@@ -49,7 +51,8 @@ nsPKCS11Slot::refreshSlotInfo(const nsNSSShutDownPreventionLock& /*proofOfLock*/
   mSlotDesc.Trim(" ", false, true);
 
   // Set the Manufacturer field
-  const char* ccManID = reinterpret_cast<const char*>(slotInfo.manufacturerID);
+  const char* ccManID =
+    mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(slotInfo.manufacturerID);
   const nsACString& cManID = Substring(
     ccManID,
     ccManID + PL_strnlen(ccManID, sizeof(slotInfo.manufacturerID)));

security/manager/ssl/nsPKCS12Blob.cpp

@@ -5,6 +5,7 @@
 #include "nsPKCS12Blob.h"
 
 #include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
 #include "nsCRT.h"
 #include "nsCRTGlue.h"
 #include "nsDirectoryServiceDefs.h"
@@ -597,8 +598,8 @@ nsPKCS12Blob::digest_write(void *arg, unsigned char *buf, unsigned long len)
   // make sure we are in write mode, read iterator has not yet been allocated
   NS_ENSURE_FALSE(cx->mDigestIterator, SECFailure);
 
-  cx->mDigest->Append(reinterpret_cast<char *>(buf),
-                     static_cast<uint32_t>(len));
+  cx->mDigest->Append(BitwiseCast<char*, unsigned char*>(buf),
+                      static_cast<uint32_t>(len));
 
   return len;
 }

security/manager/ssl/tests/compiled/TestMD4.cpp

@@ -6,6 +6,7 @@
 
 #include "TestHarness.h"
 #include "md4.h"
+#include "mozilla/Casting.h"
 
 // The md4 implementation isn't built as a separate library. This is the easiest
 // way to expose the symbols necessary to test the implementation.
@@ -52,7 +53,8 @@ TestMD4()
 
   for (size_t i = 0; i < MOZ_ARRAY_LENGTH(rfc1320_test_values); i++) {
     uint8_t md4_result[16];
-    md4sum(reinterpret_cast<const uint8_t*>(rfc1320_test_values[i].data),
+    md4sum(mozilla::BitwiseCast<const uint8_t*, const char*>(
+             rfc1320_test_values[i].data),
            strlen(rfc1320_test_values[i].data), md4_result);
     if (memcmp(md4_result, rfc1320_test_values[i].md4, 16) != 0) {
       fail("MD4 comparison test value #%d from RFC1320 failed", i + 1);

security/manager/ssl/tests/gtest/OCSPCacheTest.cpp

@@ -7,6 +7,7 @@
 #include "CertVerifier.h"
 #include "OCSPCache.h"
 #include "gtest/gtest.h"
+#include "mozilla/Casting.h"
 #include "mozilla/Snprintf.h"
 #include "nss.h"
 #include "pkix/pkixtypes.h"
@@ -22,6 +23,9 @@ template <size_t N>
 inline Input
 LiteralInput(const char(&valueString)[N])
 {
+  // Ideally we would use mozilla::BitwiseCast() here rather than
+  // reinterpret_cast for better type checking, but the |N - 1| part trips
+  // static asserts.
   return Input(reinterpret_cast<const uint8_t(&)[N - 1]>(valueString));
 }
 
@@ -85,7 +89,8 @@ TEST_F(OCSPCacheTest, TestVariousGets)
   SCOPED_TRACE("");
   for (int i = 0; i < MaxCacheEntries; i++) {
     uint8_t serialBuf[8];
-    snprintf(reinterpret_cast<char*>(serialBuf), sizeof(serialBuf), "%04d", i);
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
     Input fakeSerial;
     ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
     Time timeIn(now);
@@ -134,7 +139,8 @@ TEST_F(OCSPCacheTest, TestEviction)
   // we cause the least recently used entry to be evicted.
   for (int i = 0; i < MaxCacheEntries + 1; i++) {
     uint8_t serialBuf[8];
-    snprintf(reinterpret_cast<char*>(serialBuf), sizeof(serialBuf), "%04d", i);
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
     Input fakeSerial;
     ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
     Time timeIn(now);
@@ -159,7 +165,8 @@ TEST_F(OCSPCacheTest, TestNoEvictionForRevokedResponses)
   // we cause the least recently used entry that isn't revoked to be evicted.
   for (int i = 1; i < MaxCacheEntries + 1; i++) {
     uint8_t serialBuf[8];
-    snprintf(reinterpret_cast<char*>(serialBuf), sizeof(serialBuf), "%04d", i);
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
     Input fakeSerial;
     ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
     Time timeIn(now);
@@ -185,7 +192,8 @@ TEST_F(OCSPCacheTest, TestEverythingIsRevoked)
   // Fill up the cache with revoked responses.
   for (int i = 0; i < MaxCacheEntries; i++) {
     uint8_t serialBuf[8];
-    snprintf(reinterpret_cast<char*>(serialBuf), sizeof(serialBuf), "%04d", i);
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
     Input fakeSerial;
     ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
     Time timeIn(now);

security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp

@@ -129,7 +129,7 @@ AddKeyFromFile(const char* basePath, const char* filename)
 
   unsigned int binLength;
   UniquePORTString bin(
-    reinterpret_cast<char*>(ATOB_AsciiToData(base64, &binLength)));
+    BitwiseCast<char*, unsigned char*>(ATOB_AsciiToData(base64, &binLength)));
   if (!bin || binLength == 0) {
     PrintPRError("ATOB_AsciiToData failed");
     return SECFailure;

security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h

@@ -14,8 +14,10 @@
 // it will connect to a specified port and issue a simple HTTP request.
 
 #include <stdint.h>
-#include "prio.h"
+
 #include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
+#include "prio.h"
 #include "secerr.h"
 #include "ssl.h"
 
@@ -63,7 +65,7 @@ GetHostForSNI(const SECItem *aSrvNameArr, uint32_t aSrvNameArrSize,
   for (uint32_t i = 0; i < aSrvNameArrSize; i++) {
     for (const Host *host = hosts; host->mHostName; ++host) {
       SECItem hostName;
-      hostName.data = reinterpret_cast<uint8_t*>(const_cast<char*>(host->mHostName));
+      hostName.data = BitwiseCast<unsigned char*, const char*>(host->mHostName);
       hostName.len = strlen(host->mHostName);
       if (SECITEM_ItemsAreEqual(&hostName, &aSrvNameArr[i])) {
         if (gDebugLevel >= DEBUG_VERBOSE) {