912847 - Read-only SECKEY_* functions do not have the const modifer on their unmodified arguments

Status: RESOLVED FIXED

(NSS :: Libraries, defect)

Description

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

Attachment: fix-SECKEY-constness.patch

This adds const to many of the SECKEY_* functions without changing their implementations.

There are other SECKEY_* functions that should probably be modified in a similar way, because callers probably expect the arguments to remain unmodified and also there may be thread-safety issues with such non-obvious modifications of arguments. However, I did not modify those functions because doing so is not trivial like the attached modifications are.

Comment 1

[Ryan Sleevi]

Comment on attachment 799963 [details] [diff] [review]
fix-SECKEY-constness.patch

Review of attachment 799963 [details] [diff] [review]:
-----------------------------------------------------------------

::: lib/cryptohi/seckey.c
@@ -207,5 @@
>  ** to create this key pair without the "sensitive" attribute, but revert to 
>  ** creating a "sensitive" key if necessary.
>  */
>  SECKEYPrivateKey *
> -SECKEY_CreateECPrivateKey(SECKEYECParams *param, SECKEYPublicKey **pubk, void *cx)

Should SECKEYECParams be const?

Comment 2

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

http://hg.mozilla.org/projects/nss/rev/78ad4e01463d(In reply to Ryan Sleevi from comment #1)
> >  SECKEYPrivateKey *
> > -SECKEY_CreateECPrivateKey(SECKEYECParams *param, SECKEYPublicKey **pubk, void *cx)
> 
> Should SECKEYECParams be const?

I tried to make it const but it wasn't trivial like the other functions and I didn't have time to make all the needed changes. Let's do that in some follow-up.

Comment 3

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

http://hg.mozilla.org/projects/nss/rev/78ad4e01463d