Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18 - NSS_3_18_BETA3, r=wtc

security/nss/TAG-INFO

@@ -1 +1 @@
-NSS_3_18_BETA2
+NSS_3_18_BETA3

security/nss/coreconf/coreconf.dep

@@ -10,4 +10,3 @@
  */
 
 #error "Do not include this header file."
-

security/nss/lib/pki/pki3hack.c

@@ -247,27 +247,28 @@ STAN_GetCertIdentifierFromDER(NSSArena *arenaOpt, NSSDER *der)
 }
 
 NSS_IMPLEMENT PRStatus
-nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena, 
+nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der,
                                      NSSDER *issuer, NSSDER *serial)
 {
-    SECStatus secrv;
-    SECItem derCert;
+    SECItem derCert   = { 0 };
     SECItem derIssuer = { 0 };
     SECItem derSerial = { 0 };
-    SECITEM_FROM_NSSITEM(&derCert, der);
-    secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
+    SECStatus secrv;
+    derCert.data = (unsigned char *)der->data;
+    derCert.len = der->size;
+    secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
     if (secrv != SECSuccess) {
 	return PR_FAILURE;
     }
-    (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data);
-    secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
+    secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
     if (secrv != SECSuccess) {
 	PORT_Free(derSerial.data);
 	return PR_FAILURE;
     }
-    (void)nssItem_Create(arena, issuer, derIssuer.len, derIssuer.data);
-    PORT_Free(derSerial.data);
-    PORT_Free(derIssuer.data);
+    issuer->data = derIssuer.data;
+    issuer->size = derIssuer.len;
+    serial->data = derSerial.data;
+    serial->size = derSerial.len;
     return PR_SUCCESS;
 }
 

security/nss/lib/pki/pki3hack.h

@@ -77,7 +77,7 @@ NSS_EXTERN PRStatus
 STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust);
 
 NSS_EXTERN PRStatus
-nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena, 
+nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der,
                                      NSSDER *issuer, NSSDER *serial);
 
 NSS_EXTERN char *

security/nss/lib/pki/pkistore.c

@@ -23,6 +23,7 @@
 #endif /* PKISTORE_H */
 
 #include "cert.h"
+#include "pki3hack.h"
 
 #include "prbit.h"
 
@@ -554,33 +555,6 @@ nssCertificateStore_FindCertificateByIssuerAndSerialNumber (
     return rvCert;
 }
 
-static PRStatus
-issuer_and_serial_from_encoding (
-  NSSBER *encoding, 
-  NSSDER *issuer, 
-  NSSDER *serial
-)
-{
-    SECItem derCert, derIssuer, derSerial;
-    SECStatus secrv;
-    derCert.data = (unsigned char *)encoding->data;
-    derCert.len = encoding->size;
-    secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
-    if (secrv != SECSuccess) {
-	return PR_FAILURE;
-    }
-    secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
-    if (secrv != SECSuccess) {
-	PORT_Free(derIssuer.data);
-	return PR_FAILURE;
-    }
-    issuer->data = derIssuer.data;
-    issuer->size = derIssuer.len;
-    serial->data = derSerial.data;
-    serial->size = derSerial.len;
-    return PR_SUCCESS;
-}
-
 NSS_IMPLEMENT NSSCertificate *
 nssCertificateStore_FindCertificateByEncodedCertificate (
   nssCertificateStore *store,
@@ -590,7 +564,7 @@ nssCertificateStore_FindCertificateByEncodedCertificate (
     PRStatus nssrv = PR_FAILURE;
     NSSDER issuer, serial;
     NSSCertificate *rvCert = NULL;
-    nssrv = issuer_and_serial_from_encoding(encoding, &issuer, &serial);
+    nssrv = nssPKIX509_GetIssuerAndSerialFromDER(encoding, &issuer, &serial);
     if (nssrv != PR_SUCCESS) {
 	return NULL;
     }

security/nss/lib/pki/tdcache.c

@@ -1046,32 +1046,6 @@ nssTrustDomain_GetCertForIssuerAndSNFromCache (
     return rvCert;
 }
 
-static PRStatus
-issuer_and_serial_from_encoding (
-  NSSBER *encoding, 
-  NSSDER *issuer, 
-  NSSDER *serial
-)
-{
-    SECItem derCert, derIssuer, derSerial;
-    SECStatus secrv;
-    derCert.data = (unsigned char *)encoding->data;
-    derCert.len = encoding->size;
-    secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
-    if (secrv != SECSuccess) {
-	return PR_FAILURE;
-    }
-    secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
-    if (secrv != SECSuccess) {
-	return PR_FAILURE;
-    }
-    issuer->data = derIssuer.data;
-    issuer->size = derIssuer.len;
-    serial->data = derSerial.data;
-    serial->size = derSerial.len;
-    return PR_SUCCESS;
-}
-
 /*
  * Look for a specific cert in the cache
  */
@@ -1084,7 +1058,7 @@ nssTrustDomain_GetCertByDERFromCache (
     PRStatus nssrv = PR_FAILURE;
     NSSDER issuer, serial;
     NSSCertificate *rvCert;
-    nssrv = issuer_and_serial_from_encoding(der, &issuer, &serial);
+    nssrv = nssPKIX509_GetIssuerAndSerialFromDER(der, &issuer, &serial);
     if (nssrv != PR_SUCCESS) {
 	return NULL;
     }

security/nss/lib/pki/trustdomain.c

@@ -831,20 +831,16 @@ nssTrustDomain_FindCertificateByEncodedCertificate (
     NSSCertificate *rvCert = NULL;
     NSSDER issuer = { 0 };
     NSSDER serial = { 0 };
-    NSSArena *arena = nssArena_Create();
-    if (!arena) {
-	return (NSSCertificate *)NULL;
-    }
     /* XXX this is not generic...  will any cert crack into issuer/serial? */
-    status = nssPKIX509_GetIssuerAndSerialFromDER(ber, arena, &issuer, &serial);
+    status = nssPKIX509_GetIssuerAndSerialFromDER(ber, &issuer, &serial);
     if (status != PR_SUCCESS) {
-	goto finish;
+	return NULL;
     }
     rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
                                                                    &issuer,
                                                                    &serial);
-finish:
-    nssArena_Destroy(arena);
+    PORT_Free(issuer.data);
+    PORT_Free(serial.data);
     return rvCert;
 }