summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/certdb
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/certdb')
-rw-r--r--security/nss/lib/certdb/alg1485.c22
-rw-r--r--security/nss/lib/certdb/cert.h8
-rw-r--r--security/nss/lib/certdb/certdb.c1
-rw-r--r--security/nss/lib/certdb/crl.c3
-rw-r--r--security/nss/lib/certdb/stanpcertdb.c56
5 files changed, 19 insertions, 71 deletions
diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c
index 9a69c5bc5..38b2fe4b5 100644
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -703,19 +703,14 @@ CERT_GetOidString(const SECItem* oid)
return NULL;
}
- /* If the OID has length 1, we bail. */
- if (oid->len < 2) {
- return NULL;
- }
-
/* first will point to the next sequence of bytes to decode */
first = (PRUint8*)oid->data;
/* stop points to one past the legitimate data */
stop = &first[oid->len];
/*
- * Check for our pseudo-encoded single-digit OIDs
- */
+ * Check for our pseudo-encoded single-digit OIDs
+ */
if ((*first == 0x80) && (2 == oid->len)) {
/* Funky encoding. The second byte is the number */
rvString = PR_smprintf("%lu", (PRUint32)first[1]);
@@ -733,10 +728,6 @@ CERT_GetOidString(const SECItem* oid)
break;
}
}
- /* There's no first bit set, so this isn't valid. Bail.*/
- if (last == stop) {
- goto unsupported;
- }
bytesBeforeLast = (unsigned int)(last - first);
if (bytesBeforeLast <= 3U) { /* 0-28 bit number */
PRUint32 n = 0;
@@ -757,12 +748,12 @@ CERT_GetOidString(const SECItem* oid)
CASE(2, 0x7f);
CASE(1, 0x7f);
case 0:
- n |= last[0] & 0x7f;
+ n |=
+ last[0] & 0x7f;
break;
}
- if (last[0] & 0x80) {
+ if (last[0] & 0x80)
goto unsupported;
- }
if (!rvString) {
/* This is the first number.. decompose it */
@@ -1314,7 +1305,8 @@ CERT_GetCertificateEmailAddress(CERTCertificate* cert)
}
} else if (current->type == certRFC822Name) {
rawEmailAddr =
- (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len + 1);
+ (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len +
+ 1);
if (!rawEmailAddr) {
goto finish;
}
diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h
index c76a5a9b0..4224da108 100644
--- a/security/nss/lib/certdb/cert.h
+++ b/security/nss/lib/certdb/cert.h
@@ -504,8 +504,6 @@ extern CERTCertificate *CERT_FindCertByKeyID(CERTCertDBHandle *handle,
*/
extern CERTCertificate *CERT_FindCertByIssuerAndSN(
CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN);
-extern CERTCertificate *CERT_FindCertByIssuerAndSNCX(
- CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN, void *wincx);
/*
** Find a certificate in the database by a subject key ID
@@ -549,9 +547,6 @@ CERTCertificate *CERT_FindCertByEmailAddr(CERTCertDBHandle *handle,
*/
CERTCertificate *CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle,
const char *name);
-CERTCertificate *CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle,
- const char *name,
- void *wincx);
/*
** Find a certificate in the database by a email address or nickname
@@ -560,9 +555,6 @@ CERTCertificate *CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle,
*/
CERTCertificate *CERT_FindCertByNicknameOrEmailAddrForUsage(
CERTCertDBHandle *handle, const char *name, SECCertUsage lookingForUsage);
-CERTCertificate *CERT_FindCertByNicknameOrEmailAddrForUsageCX(
- CERTCertDBHandle *handle, const char *name, SECCertUsage lookingForUsage,
- void *wincx);
/*
** Find a certificate in the database by a digest of a subject public key
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
index 1a676a720..7864edc08 100644
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -1192,7 +1192,6 @@ CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage)
case rsaKey:
requiredUsage |= KU_KEY_ENCIPHERMENT;
break;
- case rsaPssKey:
case dsaKey:
requiredUsage |= KU_DIGITAL_SIGNATURE;
break;
diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c
index d1c48dfba..87469085e 100644
--- a/security/nss/lib/certdb/crl.c
+++ b/security/nss/lib/certdb/crl.c
@@ -1294,7 +1294,8 @@ DPCache_AddCRL(CRLDPCache* cache, CachedCrl* newcrl, PRBool* added)
}
}
- newcrls = (CachedCrl**)PORT_Realloc(cache->crls, (cache->ncrls + 1) * sizeof(CachedCrl*));
+ newcrls = (CachedCrl**)PORT_Realloc(cache->crls, (cache->ncrls + 1) *
+ sizeof(CachedCrl*));
if (!newcrls) {
return SECFailure;
}
diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c
index beaa66040..4d42bd50d 100644
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -457,15 +457,15 @@ __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
return CERT_NewTempCertificate(handle, derCert, nickname, isperm, copyDER);
}
-static CERTCertificate *
-common_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
- CERTIssuerAndSN *issuerAndSN,
- void *wincx)
+/* maybe all the wincx's should be some const for internal token login? */
+CERTCertificate *
+CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
+ CERTIssuerAndSN *issuerAndSN)
{
PK11SlotInfo *slot;
CERTCertificate *cert;
- cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, wincx);
+ cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, NULL);
if (cert && slot) {
PK11_FreeSlot(slot);
}
@@ -473,23 +473,6 @@ common_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
return cert;
}
-/* maybe all the wincx's should be some const for internal token login? */
-CERTCertificate *
-CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
- CERTIssuerAndSN *issuerAndSN)
-{
- return common_FindCertByIssuerAndSN(handle, issuerAndSN, NULL);
-}
-
-/* maybe all the wincx's should be some const for internal token login? */
-CERTCertificate *
-CERT_FindCertByIssuerAndSNCX(CERTCertDBHandle *handle,
- CERTIssuerAndSN *issuerAndSN,
- void *wincx)
-{
- return common_FindCertByIssuerAndSN(handle, issuerAndSN, wincx);
-}
-
static NSSCertificate *
get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp)
{
@@ -604,8 +587,7 @@ CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert)
static CERTCertificate *
common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
const char *name, PRBool anyUsage,
- SECCertUsage lookingForUsage,
- void *wincx)
+ SECCertUsage lookingForUsage)
{
NSSCryptoContext *cc;
NSSCertificate *c, *ct;
@@ -638,7 +620,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
}
if (anyUsage) {
- cert = PK11_FindCertFromNickname(name, wincx);
+ cert = PK11_FindCertFromNickname(name, NULL);
} else {
if (ct) {
/* Does ct really have the required usage? */
@@ -650,7 +632,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
}
}
- certlist = PK11_FindCertsFromNickname(name, wincx);
+ certlist = PK11_FindCertsFromNickname(name, NULL);
if (certlist) {
SECStatus rv =
CERT_FilterCertListByUsage(certlist, lookingForUsage, PR_FALSE);
@@ -677,15 +659,7 @@ CERTCertificate *
CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
{
return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE,
- 0, NULL);
-}
-
-CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle, const char *name,
- void *wincx)
-{
- return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE,
- 0, wincx);
+ 0);
}
CERTCertificate *
@@ -694,17 +668,7 @@ CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
SECCertUsage lookingForUsage)
{
return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE,
- lookingForUsage, NULL);
-}
-
-CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddrForUsageCX(CERTCertDBHandle *handle,
- const char *name,
- SECCertUsage lookingForUsage,
- void *wincx)
-{
- return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE,
- lookingForUsage, wincx);
+ lookingForUsage);
}
static void