From e8b27b70d37f5c9babcee47edc5b30cb8c63dcd7 Mon Sep 17 00:00:00 2001
From: David Keeler <dkeeler@mozilla.com>
Date: Fri, 12 Jul 2013 10:00:22 -0700
Subject: [PATCH] bug 882865 - cryptojs key gen cleanup: use EqualsLiteral()
 r=bsmith r=Ms2ger r=khuey

---
 security/manager/ssl/src/nsCrypto.cpp         | 77 ++++++++++---------
 .../ssl/tests/mochitest/bugs/Makefile.in      |  8 ++
 .../tests/mochitest/bugs/test_bug882865.html  | 39 ++++++++++
 3 files changed, 88 insertions(+), 36 deletions(-)
 create mode 100644 security/manager/ssl/tests/mochitest/bugs/test_bug882865.html

diff --git a/security/manager/ssl/src/nsCrypto.cpp b/security/manager/ssl/src/nsCrypto.cpp
index 17654b4020c3..e572cbe996ea 100644
--- a/security/manager/ssl/src/nsCrypto.cpp
+++ b/security/manager/ssl/src/nsCrypto.cpp
@@ -37,6 +37,7 @@
 #include "nsContentUtils.h"
 #include "nsCxPusher.h"
 #include "nsDOMJSUtils.h"
+#include "nsJSUtils.h"
 #include "nsIXPConnect.h"
 #include "nsIRunnable.h"
 #include "nsIWindowWatcher.h"
@@ -339,53 +340,53 @@ cryptojs_convert_to_mechanism(nsKeyGenType keyGenType)
 }
 
 /*
- * This function converts a string read through JavaScript parameters
+ * This function takes a string read through JavaScript parameters
  * and translates it to the internal enumeration representing the
- * key gen type.
+ * key gen type. Leading and trailing whitespace must be already removed.
  */
 static nsKeyGenType
-cryptojs_interpret_key_gen_type(char *keyAlg)
+cryptojs_interpret_key_gen_type(const nsAString& keyAlg)
 {
-  char *end;
-  if (!keyAlg) {
-    return invalidKeyGen;
-  }
-  /* First let's remove all leading and trailing white space */
-  while (isspace(keyAlg[0])) keyAlg++;
-  end = strchr(keyAlg, '\0');
-  if (!end) {
-    return invalidKeyGen;
-  }
-  end--;
-  while (isspace(*end)) end--;
-  end[1] = '\0';
-  if (strcmp(keyAlg, "rsa-ex") == 0) {
+  if (keyAlg.EqualsLiteral("rsa-ex")) {
     return rsaEnc;
-  } else if (strcmp(keyAlg, "rsa-dual-use") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("rsa-dual-use")) {
     return rsaDualUse;
-  } else if (strcmp(keyAlg, "rsa-sign") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("rsa-sign")) {
     return rsaSign;
-  } else if (strcmp(keyAlg, "rsa-sign-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("rsa-sign-nonrepudiation")) {
     return rsaSignNonrepudiation;
-  } else if (strcmp(keyAlg, "rsa-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("rsa-nonrepudiation")) {
     return rsaNonrepudiation;
-  } else if (strcmp(keyAlg, "ec-ex") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("ec-ex")) {
     return ecEnc;
-  } else if (strcmp(keyAlg, "ec-dual-use") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("ec-dual-use")) {
     return ecDualUse;
-  } else if (strcmp(keyAlg, "ec-sign") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("ec-sign")) {
     return ecSign;
-  } else if (strcmp(keyAlg, "ec-sign-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("ec-sign-nonrepudiation")) {
     return ecSignNonrepudiation;
-  } else if (strcmp(keyAlg, "ec-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("ec-nonrepudiation")) {
     return ecNonrepudiation;
-  } else if (strcmp(keyAlg, "dsa-sign-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("dsa-sign-nonrepudiation")) {
     return dsaSignNonrepudiation;
-  } else if (strcmp(keyAlg, "dsa-sign") ==0 ){
+  }
+  if (keyAlg.EqualsLiteral("dsa-sign")) {
     return dsaSign;
-  } else if (strcmp(keyAlg, "dsa-nonrepudiation") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("dsa-nonrepudiation")) {
     return dsaNonrepudiation;
-  } else if (strcmp(keyAlg, "dh-ex") == 0) {
+  }
+  if (keyAlg.EqualsLiteral("dh-ex")) {
     return dhEx;
   }
   return invalidKeyGen;
@@ -916,7 +917,7 @@ cryptojs_ReadArgsAndGenerateKey(JSContext *cx,
                                 PK11SlotInfo **slot, bool willEscrow)
 {
   JSString  *jsString;
-  JSAutoByteString params, keyGenAlg;
+  JSAutoByteString params;
   int    keySize;
   nsresult  rv;
 
@@ -942,13 +943,16 @@ cryptojs_ReadArgsAndGenerateKey(JSContext *cx,
   jsString = JS_ValueToString(cx, argv[2]);
   NS_ENSURE_TRUE(jsString, NS_ERROR_OUT_OF_MEMORY);
   argv[2] = STRING_TO_JSVAL(jsString);
-  keyGenAlg.encodeLatin1(cx, jsString);
-  NS_ENSURE_TRUE(!!keyGenAlg, NS_ERROR_OUT_OF_MEMORY);
-  keyGenType->keyGenType = cryptojs_interpret_key_gen_type(keyGenAlg.ptr());
+  nsDependentJSString dependentKeyGenAlg;
+  NS_ENSURE_TRUE(dependentKeyGenAlg.init(cx, jsString), NS_ERROR_UNEXPECTED);
+  nsAutoString keyGenAlg(dependentKeyGenAlg);
+  keyGenAlg.Trim("\r\n\t ");
+  keyGenType->keyGenType = cryptojs_interpret_key_gen_type(keyGenAlg);
   if (keyGenType->keyGenType == invalidKeyGen) {
+    NS_LossyConvertUTF16toASCII keyGenAlgNarrow(dependentKeyGenAlg);
     JS_ReportError(cx, "%s%s%s", JS_ERROR,
                    "invalid key generation argument:",
-                   keyGenAlg.ptr());
+                   keyGenAlgNarrow.get());
     goto loser;
   }
   if (!*slot) {
@@ -961,9 +965,10 @@ cryptojs_ReadArgsAndGenerateKey(JSContext *cx,
                                    *slot,willEscrow);
 
   if (rv != NS_OK) {
+    NS_LossyConvertUTF16toASCII keyGenAlgNarrow(dependentKeyGenAlg);
     JS_ReportError(cx,"%s%s%s", JS_ERROR,
                    "could not generate the key for algorithm ",
-                   keyGenAlg.ptr());
+                   keyGenAlgNarrow.get());
     goto loser;
   }
   return NS_OK;
diff --git a/security/manager/ssl/tests/mochitest/bugs/Makefile.in b/security/manager/ssl/tests/mochitest/bugs/Makefile.in
index 4812cac44390..6d9357517406 100644
--- a/security/manager/ssl/tests/mochitest/bugs/Makefile.in
+++ b/security/manager/ssl/tests/mochitest/bugs/Makefile.in
@@ -19,6 +19,14 @@ MOCHITEST_FILES = \
 	test_ev_validation_child.html \
         $(NULL)
 
+# test_bug882865.html tests crypto.generateCRMFRequest, which isn't
+# available if legacy crypto has been disabled.
+ifndef MOZ_DISABLE_CRYPTOLEGACY
+MOCHITEST_FILES += \
+        test_bug882865.html \
+        $(NULL)
+endif
+
 MOCHITEST_CHROME_FILES = \
 	test_certificate_overrides.html \
         test_bug413909.html \
diff --git a/security/manager/ssl/tests/mochitest/bugs/test_bug882865.html b/security/manager/ssl/tests/mochitest/bugs/test_bug882865.html
new file mode 100644
index 000000000000..f3bf9925e801
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/bugs/test_bug882865.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test bug 882865</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body onload="onWindowLoad()">
+<script class="testbody" type="text/javascript">
+
+  SimpleTest.waitForExplicitFinish();
+
+  function onWindowLoad()
+  {
+    try {
+      var crmfObject = crypto.generateCRMFRequest("CN=undefined", "regToken",
+                                                  "authenticator", null, "",
+                                                  512, null, "  rsa-ex   ",
+                                                  1024, null, "\r\n\t rsa-sign\t");
+      ok(true, "no exception thrown in generateCRMFRequest");
+    } catch (e) {
+      ok(false, "unexpected exception: " + e);
+    }
+
+    var o200 = document.documentElement;
+    var o1 = crypto;
+    try {
+      o1.generateCRMFRequest(o200.writeln, o200, 'X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X', null, o1, 1404343237, Math.PI, []);
+      ok(false, "execution should not reach this line");
+    } catch (e) {
+      // The 'key generation argument' in this case was an empty array,
+      // which gets interpreted as an empty string.
+      is(e.toString(), "Error: error:invalid key generation argument:", "expected exception");
+    }
+    SimpleTest.finish();
+  }
+</script>
+</body>
+</html>