From fba28f19754f62b5227650143d5441fc86d4c7d7 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Wed, 25 Apr 2018 21:33:33 +0200 Subject: Revert "Update NSS to 3.35-RTM" This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94. --- security/nss/lib/certdb/alg1485.c | 22 +++++--------- security/nss/lib/certdb/cert.h | 8 ----- security/nss/lib/certdb/certdb.c | 1 - security/nss/lib/certdb/crl.c | 3 +- security/nss/lib/certdb/stanpcertdb.c | 56 +++++++---------------------------- 5 files changed, 19 insertions(+), 71 deletions(-) (limited to 'security/nss/lib/certdb') diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c index 9a69c5bc5..38b2fe4b5 100644 --- a/security/nss/lib/certdb/alg1485.c +++ b/security/nss/lib/certdb/alg1485.c @@ -703,19 +703,14 @@ CERT_GetOidString(const SECItem* oid) return NULL; } - /* If the OID has length 1, we bail. */ - if (oid->len < 2) { - return NULL; - } - /* first will point to the next sequence of bytes to decode */ first = (PRUint8*)oid->data; /* stop points to one past the legitimate data */ stop = &first[oid->len]; /* - * Check for our pseudo-encoded single-digit OIDs - */ + * Check for our pseudo-encoded single-digit OIDs + */ if ((*first == 0x80) && (2 == oid->len)) { /* Funky encoding. The second byte is the number */ rvString = PR_smprintf("%lu", (PRUint32)first[1]); @@ -733,10 +728,6 @@ CERT_GetOidString(const SECItem* oid) break; } } - /* There's no first bit set, so this isn't valid. Bail.*/ - if (last == stop) { - goto unsupported; - } bytesBeforeLast = (unsigned int)(last - first); if (bytesBeforeLast <= 3U) { /* 0-28 bit number */ PRUint32 n = 0; @@ -757,12 +748,12 @@ CERT_GetOidString(const SECItem* oid) CASE(2, 0x7f); CASE(1, 0x7f); case 0: - n |= last[0] & 0x7f; + n |= + last[0] & 0x7f; break; } - if (last[0] & 0x80) { + if (last[0] & 0x80) goto unsupported; - } if (!rvString) { /* This is the first number.. decompose it */ @@ -1314,7 +1305,8 @@ CERT_GetCertificateEmailAddress(CERTCertificate* cert) } } else if (current->type == certRFC822Name) { rawEmailAddr = - (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len + 1); + (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len + + 1); if (!rawEmailAddr) { goto finish; } diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h index c76a5a9b0..4224da108 100644 --- a/security/nss/lib/certdb/cert.h +++ b/security/nss/lib/certdb/cert.h @@ -504,8 +504,6 @@ extern CERTCertificate *CERT_FindCertByKeyID(CERTCertDBHandle *handle, */ extern CERTCertificate *CERT_FindCertByIssuerAndSN( CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN); -extern CERTCertificate *CERT_FindCertByIssuerAndSNCX( - CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN, void *wincx); /* ** Find a certificate in the database by a subject key ID @@ -549,9 +547,6 @@ CERTCertificate *CERT_FindCertByEmailAddr(CERTCertDBHandle *handle, */ CERTCertificate *CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name); -CERTCertificate *CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle, - const char *name, - void *wincx); /* ** Find a certificate in the database by a email address or nickname @@ -560,9 +555,6 @@ CERTCertificate *CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle, */ CERTCertificate *CERT_FindCertByNicknameOrEmailAddrForUsage( CERTCertDBHandle *handle, const char *name, SECCertUsage lookingForUsage); -CERTCertificate *CERT_FindCertByNicknameOrEmailAddrForUsageCX( - CERTCertDBHandle *handle, const char *name, SECCertUsage lookingForUsage, - void *wincx); /* ** Find a certificate in the database by a digest of a subject public key diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 1a676a720..7864edc08 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -1192,7 +1192,6 @@ CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage) case rsaKey: requiredUsage |= KU_KEY_ENCIPHERMENT; break; - case rsaPssKey: case dsaKey: requiredUsage |= KU_DIGITAL_SIGNATURE; break; diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c index d1c48dfba..87469085e 100644 --- a/security/nss/lib/certdb/crl.c +++ b/security/nss/lib/certdb/crl.c @@ -1294,7 +1294,8 @@ DPCache_AddCRL(CRLDPCache* cache, CachedCrl* newcrl, PRBool* added) } } - newcrls = (CachedCrl**)PORT_Realloc(cache->crls, (cache->ncrls + 1) * sizeof(CachedCrl*)); + newcrls = (CachedCrl**)PORT_Realloc(cache->crls, (cache->ncrls + 1) * + sizeof(CachedCrl*)); if (!newcrls) { return SECFailure; } diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c index beaa66040..4d42bd50d 100644 --- a/security/nss/lib/certdb/stanpcertdb.c +++ b/security/nss/lib/certdb/stanpcertdb.c @@ -457,15 +457,15 @@ __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, return CERT_NewTempCertificate(handle, derCert, nickname, isperm, copyDER); } -static CERTCertificate * -common_FindCertByIssuerAndSN(CERTCertDBHandle *handle, - CERTIssuerAndSN *issuerAndSN, - void *wincx) +/* maybe all the wincx's should be some const for internal token login? */ +CERTCertificate * +CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle, + CERTIssuerAndSN *issuerAndSN) { PK11SlotInfo *slot; CERTCertificate *cert; - cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, wincx); + cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, NULL); if (cert && slot) { PK11_FreeSlot(slot); } @@ -473,23 +473,6 @@ common_FindCertByIssuerAndSN(CERTCertDBHandle *handle, return cert; } -/* maybe all the wincx's should be some const for internal token login? */ -CERTCertificate * -CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle, - CERTIssuerAndSN *issuerAndSN) -{ - return common_FindCertByIssuerAndSN(handle, issuerAndSN, NULL); -} - -/* maybe all the wincx's should be some const for internal token login? */ -CERTCertificate * -CERT_FindCertByIssuerAndSNCX(CERTCertDBHandle *handle, - CERTIssuerAndSN *issuerAndSN, - void *wincx) -{ - return common_FindCertByIssuerAndSN(handle, issuerAndSN, wincx); -} - static NSSCertificate * get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp) { @@ -604,8 +587,7 @@ CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert) static CERTCertificate * common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, const char *name, PRBool anyUsage, - SECCertUsage lookingForUsage, - void *wincx) + SECCertUsage lookingForUsage) { NSSCryptoContext *cc; NSSCertificate *c, *ct; @@ -638,7 +620,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, } if (anyUsage) { - cert = PK11_FindCertFromNickname(name, wincx); + cert = PK11_FindCertFromNickname(name, NULL); } else { if (ct) { /* Does ct really have the required usage? */ @@ -650,7 +632,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, } } - certlist = PK11_FindCertsFromNickname(name, wincx); + certlist = PK11_FindCertsFromNickname(name, NULL); if (certlist) { SECStatus rv = CERT_FilterCertListByUsage(certlist, lookingForUsage, PR_FALSE); @@ -677,15 +659,7 @@ CERTCertificate * CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name) { return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE, - 0, NULL); -} - -CERTCertificate * -CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle, const char *name, - void *wincx) -{ - return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE, - 0, wincx); + 0); } CERTCertificate * @@ -694,17 +668,7 @@ CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, SECCertUsage lookingForUsage) { return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE, - lookingForUsage, NULL); -} - -CERTCertificate * -CERT_FindCertByNicknameOrEmailAddrForUsageCX(CERTCertDBHandle *handle, - const char *name, - SECCertUsage lookingForUsage, - void *wincx) -{ - return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE, - lookingForUsage, wincx); + lookingForUsage); } static void -- cgit v1.2.3