Revert "Update NSS to 3.35-RTM"

This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.

5 files changed, 19 insertions, 71 deletions

diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c
index 9a69c5bc5..38b2fe4b5 100644
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -703,19 +703,14 @@ CERT_GetOidString(const SECItem* oid)
         return NULL;
     }
 
-    /* If the OID has length 1, we bail. */
-    if (oid->len < 2) {
-        return NULL;
-    }
-
     /* first will point to the next sequence of bytes to decode */
     first = (PRUint8*)oid->data;
     /* stop points to one past the legitimate data */
     stop = &first[oid->len];
 
     /*
-     * Check for our pseudo-encoded single-digit OIDs
-     */
+   * Check for our pseudo-encoded single-digit OIDs
+   */
     if ((*first == 0x80) && (2 == oid->len)) {
         /* Funky encoding.  The second byte is the number */
         rvString = PR_smprintf("%lu", (PRUint32)first[1]);
@@ -733,10 +728,6 @@ CERT_GetOidString(const SECItem* oid)
                 break;
             }
         }
-        /* There's no first bit set, so this isn't valid. Bail.*/
-        if (last == stop) {
-            goto unsupported;
-        }
         bytesBeforeLast = (unsigned int)(last - first);
         if (bytesBeforeLast <= 3U) { /* 0-28 bit number */
             PRUint32 n = 0;
@@ -757,12 +748,12 @@ CERT_GetOidString(const SECItem* oid)
                 CASE(2, 0x7f);
                 CASE(1, 0x7f);
                 case 0:
-                    n |= last[0] & 0x7f;
+                    n |=
+                        last[0] & 0x7f;
                     break;
             }
-            if (last[0] & 0x80) {
+            if (last[0] & 0x80)
                 goto unsupported;
-            }
 
             if (!rvString) {
                 /* This is the first number.. decompose it */
@@ -1314,7 +1305,8 @@ CERT_GetCertificateEmailAddress(CERTCertificate* cert)
                     }
                 } else if (current->type == certRFC822Name) {
                     rawEmailAddr =
-                        (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len + 1);
+                        (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len +
+                                                                 1);
                     if (!rawEmailAddr) {
                         goto finish;
                     }
diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h
index c76a5a9b0..4224da108 100644
--- a/security/nss/lib/certdb/cert.h
+++ b/security/nss/lib/certdb/cert.h
@@ -504,8 +504,6 @@ extern CERTCertificate *CERT_FindCertByKeyID(CERTCertDBHandle *handle,
 */
 extern CERTCertificate *CERT_FindCertByIssuerAndSN(
     CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN);
-extern CERTCertificate *CERT_FindCertByIssuerAndSNCX(
-    CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN, void *wincx);
 
 /*
 ** Find a certificate in the database by a subject key ID
@@ -549,9 +547,6 @@ CERTCertificate *CERT_FindCertByEmailAddr(CERTCertDBHandle *handle,
 */
 CERTCertificate *CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle,
                                                     const char *name);
-CERTCertificate *CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle,
-                                                      const char *name,
-                                                      void *wincx);
 
 /*
 ** Find a certificate in the database by a email address or nickname
@@ -560,9 +555,6 @@ CERTCertificate *CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle,
 */
 CERTCertificate *CERT_FindCertByNicknameOrEmailAddrForUsage(
     CERTCertDBHandle *handle, const char *name, SECCertUsage lookingForUsage);
-CERTCertificate *CERT_FindCertByNicknameOrEmailAddrForUsageCX(
-    CERTCertDBHandle *handle, const char *name, SECCertUsage lookingForUsage,
-    void *wincx);
 
 /*
 ** Find a certificate in the database by a digest of a subject public key
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
index 1a676a720..7864edc08 100644
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -1192,7 +1192,6 @@ CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage)
             case rsaKey:
                 requiredUsage |= KU_KEY_ENCIPHERMENT;
                 break;
-            case rsaPssKey:
             case dsaKey:
                 requiredUsage |= KU_DIGITAL_SIGNATURE;
                 break;
diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c
index d1c48dfba..87469085e 100644
--- a/security/nss/lib/certdb/crl.c
+++ b/security/nss/lib/certdb/crl.c
@@ -1294,7 +1294,8 @@ DPCache_AddCRL(CRLDPCache* cache, CachedCrl* newcrl, PRBool* added)
         }
     }
 
-    newcrls = (CachedCrl**)PORT_Realloc(cache->crls, (cache->ncrls + 1) * sizeof(CachedCrl*));
+    newcrls = (CachedCrl**)PORT_Realloc(cache->crls, (cache->ncrls + 1) *
+                                                         sizeof(CachedCrl*));
     if (!newcrls) {
         return SECFailure;
     }
diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c
index beaa66040..4d42bd50d 100644
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -457,15 +457,15 @@ __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
     return CERT_NewTempCertificate(handle, derCert, nickname, isperm, copyDER);
 }
 
-static CERTCertificate *
-common_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
-                             CERTIssuerAndSN *issuerAndSN,
-                             void *wincx)
+/* maybe all the wincx's should be some const for internal token login? */
+CERTCertificate *
+CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
+                           CERTIssuerAndSN *issuerAndSN)
 {
     PK11SlotInfo *slot;
     CERTCertificate *cert;
 
-    cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, wincx);
+    cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, NULL);
     if (cert && slot) {
         PK11_FreeSlot(slot);
     }
@@ -473,23 +473,6 @@ common_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
     return cert;
 }
 
-/* maybe all the wincx's should be some const for internal token login? */
-CERTCertificate *
-CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
-                           CERTIssuerAndSN *issuerAndSN)
-{
-    return common_FindCertByIssuerAndSN(handle, issuerAndSN, NULL);
-}
-
-/* maybe all the wincx's should be some const for internal token login? */
-CERTCertificate *
-CERT_FindCertByIssuerAndSNCX(CERTCertDBHandle *handle,
-                             CERTIssuerAndSN *issuerAndSN,
-                             void *wincx)
-{
-    return common_FindCertByIssuerAndSN(handle, issuerAndSN, wincx);
-}
-
 static NSSCertificate *
 get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp)
 {
@@ -604,8 +587,7 @@ CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert)
 static CERTCertificate *
 common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
                                              const char *name, PRBool anyUsage,
-                                             SECCertUsage lookingForUsage,
-                                             void *wincx)
+                                             SECCertUsage lookingForUsage)
 {
     NSSCryptoContext *cc;
     NSSCertificate *c, *ct;
@@ -638,7 +620,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
     }
 
     if (anyUsage) {
-        cert = PK11_FindCertFromNickname(name, wincx);
+        cert = PK11_FindCertFromNickname(name, NULL);
     } else {
         if (ct) {
             /* Does ct really have the required usage? */
@@ -650,7 +632,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
             }
         }
 
-        certlist = PK11_FindCertsFromNickname(name, wincx);
+        certlist = PK11_FindCertsFromNickname(name, NULL);
         if (certlist) {
             SECStatus rv =
                 CERT_FilterCertListByUsage(certlist, lookingForUsage, PR_FALSE);
@@ -677,15 +659,7 @@ CERTCertificate *
 CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
 {
     return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE,
-                                                        0, NULL);
-}
-
-CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle, const char *name,
-                                     void *wincx)
-{
-    return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE,
-                                                        0, wincx);
+                                                        0);
 }
 
 CERTCertificate *
@@ -694,17 +668,7 @@ CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
                                            SECCertUsage lookingForUsage)
 {
     return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE,
-                                                        lookingForUsage, NULL);
-}
-
-CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddrForUsageCX(CERTCertDBHandle *handle,
-                                             const char *name,
-                                             SECCertUsage lookingForUsage,
-                                             void *wincx)
-{
-    return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE,
-                                                        lookingForUsage, wincx);
+                                                        lookingForUsage);
 }
 
 static void