Bug 1476200 - remove usage of DER_Lengths and deprecate it, r=mt
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Thu, 02 Aug 2018 10:17:06 +0200
changeset 14435 d80deec801102e7c5eb9e8fecdce72411be23b47
parent 14434 1adf32e363a7ba0d7952ca9c6098b2d5cff2cfe0
child 14436 e2a0d66b122f873a5ca370de7674af377279e37e
push id3152
push userfranziskuskiefer@gmail.com
push dateThu, 02 Aug 2018 08:20:17 +0000
reviewersmt
bugs1476200
Bug 1476200 - remove usage of DER_Lengths and deprecate it, r=mt Differential Revision: https://phabricator.services.mozilla.com/D2183
lib/ssl/cmpcert.c
lib/util/secder.h
--- a/lib/ssl/cmpcert.c
+++ b/lib/ssl/cmpcert.c
@@ -22,68 +22,43 @@
  * Returns SECSuccess if so, SECFailure if not.
  */
 SECStatus
 NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
 {
     SECItem *caname;
     CERTCertificate *curcert;
     CERTCertificate *oldcert;
-    PRInt32 contentlen;
     int j;
-    int headerlen;
     int depth;
-    SECStatus rv;
     SECItem issuerName;
-    SECItem compatIssuerName;
 
     if (!cert || !caNames || !caNames->nnames || !caNames->names ||
         !caNames->names->data)
         return SECFailure;
     depth = 0;
     curcert = CERT_DupCertificate(cert);
 
     while (curcert) {
         issuerName = curcert->derIssuer;
 
-        /* compute an alternate issuer name for compatibility with 2.0
-         * enterprise server, which send the CA names without
-         * the outer layer of DER header
-         */
-        rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen);
-        if (rv == SECSuccess) {
-            compatIssuerName.data = &issuerName.data[headerlen];
-            compatIssuerName.len = issuerName.len - headerlen;
-        } else {
-            compatIssuerName.data = NULL;
-            compatIssuerName.len = 0;
-        }
-
         for (j = 0; j < caNames->nnames; j++) {
             caname = &caNames->names[j];
             if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) {
-                rv = SECSuccess;
                 CERT_DestroyCertificate(curcert);
-                goto done;
-            } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
-                rv = SECSuccess;
-                CERT_DestroyCertificate(curcert);
-                goto done;
+                return SECSuccess;
             }
         }
         if ((depth <= 20) &&
             (SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject) !=
              SECEqual)) {
             oldcert = curcert;
             curcert = CERT_FindCertByName(curcert->dbhandle,
                                           &curcert->derIssuer);
             CERT_DestroyCertificate(oldcert);
             depth++;
         } else {
             CERT_DestroyCertificate(curcert);
             curcert = NULL;
         }
     }
-    rv = SECFailure;
-
-done:
-    return rv;
+    return SECFailure;
 }
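Review bot: After this change the only match in the `for` loop is a byte-for-byte comparison against the certificate's full `derIssuer`, but neither the new code nor the visible tail of the function comment says that CA names lacking the outer DER header are no longer accepted. A short comment above the loop would record the contract, e.g. `/* caNames entries must be complete DER-encoded names; header-less names are not matched. */`. The local `issuerName` is now a shallow copy used once, so the comparison could read `SECITEM_CompareItem(&curcert->derIssuer, caname)` and the local could be dropped. The function's header comment starts outside the hunk, so it may need the same wording update.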
--- a/lib/util/secder.h
+++ b/lib/util/secder.h
@@ -29,16 +29,19 @@ SEC_BEGIN_PROTOS
 **     encoded structure in "src"
 **  "t" is a template structure which defines the shape of the
 **     stored data
 **  "src" is a pointer to the structure that will be encoded
 */
 extern SECStatus DER_Encode(PLArenaPool *arena, SECItem *dest, DERTemplate *t,
                             void *src);
 
+/*
+** This function is deprecated.
+*/
 extern SECStatus DER_Lengths(SECItem *item, int *header_len_p,
                              PRUint32 *contents_len_p);
 
 /*
 ** Lower level der subroutine that stores the standard header into "to".
 ** The header is of variable length, based on encodingLen.
 ** The return value is the new value of "to" after skipping over the header.
 **  "to" is where the header will be stored
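Review bot: The added comment on `DER_Lengths` says only that the function is deprecated; it gives no reason, no guidance for remaining callers, and no parameter description like the neighbouring declarations have. Something like `** Deprecated: no longer used inside NSS; do not call from new code.` would be more useful, assuming the cmpcert.c call removed in this commit was the last internal user. If the function stays exported, the comment should also tell callers to check the returned header length against `item->len` before indexing into `item->data`, since the prototype alone does not show whether that is validated.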