authorWan-Teh Chang <wtc@google.com>2013-06-10 13:49:06 -0700
committerWan-Teh Chang <wtc@google.com>2013-06-10 13:49:06 -0700
commitd6a5e10b55297b26aa8dbd1b17bda7a6cc10bae1 (patch)
tree305f4cc571a2a6018683b6cacc07c2e1d15c956e
parent72dd61be624b7d4c00b2c424d0d2f3786c30c079 (diff)
Bug 881427: Clean up the runtime check for ECC curve capabilities.NSS_3_15_1_BETA1
Fix typos in comments and minor variable and function name issues. r=rrelyea.
-rw-r--r--lib/ssl/derive.c2
-rw-r--r--lib/ssl/ssl3con.c2
-rw-r--r--lib/ssl/ssl3ecc.c37
-rw-r--r--lib/ssl/sslimpl.h4
4 files changed, 23 insertions, 22 deletions
diff --git a/lib/ssl/derive.c b/lib/ssl/derive.c
index ccb454289..420e6781e 100644
--- a/lib/ssl/derive.c
+++ b/lib/ssl/derive.c
@@ -764,7 +764,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
ec_curve =
ssl3_GetCurveWithECKeyStrength(
- ssl3_GetSupportedECCCurveMask(NULL),
+ ssl3_GetSupportedECCurveMask(NULL),
requiredECCbits);
rv = ssl3_ECName2Params(NULL, ec_curve, &ecParams);
if (rv == SECFailure) {
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 3c798ac5d..959f65b51 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -11123,7 +11123,7 @@ ssl3_InitState(sslSocket *ss)
ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
#ifdef NSS_ENABLE_ECC
- ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCCurveMask(ss);
+ ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss);
#endif
ssl_ReleaseSpecWriteLock(ss);
diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c
index f0d65d00c..65a428f9f 100644
--- a/lib/ssl/ssl3ecc.c
+++ b/lib/ssl/ssl3ecc.c
@@ -1053,14 +1053,14 @@ static const PRUint8 tlsECList[56] = {
BE(24), BE(25)
};
-static const PRUint8 ECPtFmt[6] = {
+static const PRUint8 ecPtFmt[6] = {
BE(11), /* Extension type */
BE( 2), /* octets that follow */
1, /* octets that follow */
0 /* uncompressed type only */
};
-/* This function already presumes we can do ECC, ssl_IsECCEnabled must be
+/* This function already presumes we can do ECC, ssl3_IsECCEnabled must be
* called before this function. It looks to see if we have a token which
* is capable of doing smaller than SuiteB curves. If the token can, we
* presume the token can do the whole SSL suite of curves. If it can't we
@@ -1069,10 +1069,11 @@ static const PRUint8 ECPtFmt[6] = {
static PRBool
ssl3_SuiteBOnly(sslSocket *ss)
{
- /* look to see if we can handle certs less than 163 bits */
+ /* See if we can support small curves (like 163). If not, assume we can
+ * only support Suite-B curves (P-256, P-384, P-521). */
PK11SlotInfo *slot =
PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
- ss ? ss->pkcs11PinArg : NULL);
+ ss ? ss->pkcs11PinArg : NULL);
if (!slot) {
/* nope, presume we can only do suite B */
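Review bot: The probe in `ssl3_SuiteBOnly` still passes the bare literals `0` and `163` to `PK11_GetBestSlotWithAttributes`, and the rewritten comment explains the intent but not the arguments. Since this one lookup decides whether the socket advertises the full curve list or only the Suite B list, I would annotate the call itself, e.g. `/* mechanismInfoFlags = 0 (none required), keySize = 163 bits */`, so a later change to the threshold is made deliberately. The function body continues past the end of this hunk, so whether the returned slot reference is released on the success path cannot be checked from here.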
@@ -1092,22 +1093,22 @@ ssl3_SendSupportedCurvesXtn(
PRBool append,
PRUint32 maxBytes)
{
- int ECListSize = 0;
- const PRUint8 *ECList = NULL;
+ PRInt32 ecListSize = 0;
+ const PRUint8 *ecList = NULL;
if (!ss || !ssl3_IsECCEnabled(ss))
return 0;
if (ssl3_SuiteBOnly(ss)) {
- ECListSize = sizeof (suiteBECList);
- ECList = suiteBECList;
+ ecListSize = sizeof suiteBECList;
+ ecList = suiteBECList;
} else {
- ECListSize = sizeof (tlsECList);
- ECList = tlsECList;
+ ecListSize = sizeof tlsECList;
+ ecList = tlsECList;
}
- if (append && maxBytes >= ECListSize) {
- SECStatus rv = ssl3_AppendHandshake(ss, ECList, ECListSize);
+ if (append && maxBytes >= ecListSize) {
+ SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
if (rv != SECSuccess)
return -1;
if (!ss->sec.isServer) {
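Review bot: In `ssl3_SendSupportedCurvesXtn` the local is now `PRInt32 ecListSize` while `maxBytes` is `PRUint32`, so `maxBytes >= ecListSize` is a mixed signed/unsigned comparison that converts the signed operand. It is harmless today because `ecListSize` only ever holds a `sizeof` value, but nothing in the code says so. Making the conversion explicit, `if (append && maxBytes >= (PRUint32)ecListSize) {`, keeps the bounds check obviously correct and quiets sign-compare warnings. The function's signature starts before this hunk and the body continues after it, so the declared return type is inferred from the `return -1` path.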
@@ -1116,11 +1117,11 @@ ssl3_SendSupportedCurvesXtn(
ssl_elliptic_curves_xtn;
}
}
- return ECListSize;
+ return ecListSize;
}
-PRInt32
-ssl3_GetSupportedECCCurveMask(sslSocket *ss)
+PRUint32
+ssl3_GetSupportedECCurveMask(sslSocket *ss)
{
if (ssl3_SuiteBOnly(ss)) {
return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
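Review bot: `ssl3_GetSupportedECCurveMask` now returns `PRUint32`, but the two consumers visible in this commit, the assignment to `ss->ssl3.hs.negotiatedECCurves` in ssl3con.c and the first argument of `ssl3_GetCurveWithECKeyStrength` in derive.c, are not shown with their types. It is worth confirming both are `PRUint32` as well so the mask is not implicitly converted back to a signed type. The function also has no header comment. Something like `/* Returns the bitmask of named curves usable on this socket; ss may be NULL. */` would document that derive.c calls it with `NULL`. The prototype change in sslimpl.h matches this definition, and the rest of the body lies outside the hunk.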
@@ -1139,8 +1140,8 @@ ssl3_SendSupportedPointFormatsXtn(
{
if (!ss || !ssl3_IsECCEnabled(ss))
return 0;
- if (append && maxBytes >= (sizeof ECPtFmt)) {
- SECStatus rv = ssl3_AppendHandshake(ss, ECPtFmt, (sizeof ECPtFmt));
+ if (append && maxBytes >= (sizeof ecPtFmt)) {
+ SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
if (rv != SECSuccess)
return -1;
if (!ss->sec.isServer) {
@@ -1149,7 +1150,7 @@ ssl3_SendSupportedPointFormatsXtn(
ssl_ec_point_formats_xtn;
}
}
- return (sizeof ECPtFmt);
+ return (sizeof ecPtFmt);
}
/* Just make sure that the remote client supports uncompressed points,
diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
index 4818b47d3..b0abfd597 100644
--- a/lib/ssl/sslimpl.h
+++ b/lib/ssl/sslimpl.h
@@ -142,7 +142,7 @@ typedef enum { SSLAppOpRead = 0,
/* Mask of the 25 named curves we support. */
#define SSL3_ALL_SUPPORTED_CURVES_MASK 0x3fffffe
-/* only 3 curves, suite B*/
+/* Mask of only 3 curves, suite B */
#define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000
#ifndef BPB
@@ -1499,7 +1499,7 @@ extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,
const ssl3CipherSuite * suite);
-extern PRInt32 ssl3_GetSupportedECCCurveMask(sslSocket *ss);
+extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss);
/* Macro for finding a curve equivalent in strength to RSA key's */