From a46aa03484ec3e5705288fd1a99fe1c83d744efc Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 2 May 2014 10:40:03 -0700 Subject: [PATCH] Bug 1005208: Rename issuerKeyHash to keyHash in mozilla::pkix's pkixocsp.cpp, r=mmc --HG-- extra : rebase_source : ede4ed17cb56e3e52325ecadc2c5ded33c4a6013 extra : histedit_source : b727000e81bbc8afa6b9f8188b97065f59da45ad --- security/pkix/lib/pkixocsp.cpp | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/security/pkix/lib/pkixocsp.cpp b/security/pkix/lib/pkixocsp.cpp index 7105b968c93d..68b800267c0d 100644 --- a/security/pkix/lib/pkixocsp.cpp +++ b/security/pkix/lib/pkixocsp.cpp @@ -169,9 +169,9 @@ static inline der::Result CheckExtensionsForCriticality(der::Input&); static inline der::Result CertID(der::Input& input, const Context& context, /*out*/ bool& match); -static der::Result MatchIssuerKey(const SECItem& issuerKeyHash, - const CERTCertificate& issuer, - /*out*/ bool& match); +static der::Result MatchKeyHash(const SECItem& issuerKeyHash, + const CERTCertificate& issuer, + /*out*/ bool& match); // RFC 6960 section 4.2.2.2: The OCSP responder must either be the issuer of // the cert or it must be a delegated OCSP response signing cert directly @@ -240,12 +240,11 @@ GetOCSPSignerCertificate(TrustDomain& trustDomain, != der::Success) { return nullptr; } - SECItem issuerKeyHash; - if (der::Skip(responderID, der::OCTET_STRING, issuerKeyHash) != der::Success) { + SECItem keyHash; + if (der::Skip(responderID, der::OCTET_STRING, keyHash) != der::Success) { return nullptr; } - if (MatchIssuerKey(issuerKeyHash, *potentialSigner.get(), match) - != der::Success) { + if (MatchKeyHash(keyHash, *potentialSigner.get(), match) != der::Success) { return nullptr; } break; @@ -784,17 +783,17 @@ CertID(der::Input& input, const Context& context, /*out*/ bool& match) return der::Success; } - return MatchIssuerKey(issuerKeyHash, issuerCert, match); + return MatchKeyHash(issuerKeyHash, issuerCert, match); } // From http://tools.ietf.org/html/rfc6960#section-4.1.1: // "The hash shall be calculated over the value (excluding tag and length) of // the subject public key field in the issuer's certificate." static der::Result -MatchIssuerKey(const SECItem& issuerKeyHash, const CERTCertificate& issuer, - /*out*/ bool& match) +MatchKeyHash(const SECItem& keyHash, const CERTCertificate& cert, + /*out*/ bool& match) { - if (issuerKeyHash.len != SHA1_LENGTH) { + if (keyHash.len != SHA1_LENGTH) { return der::Fail(SEC_ERROR_OCSP_MALFORMED_RESPONSE); } @@ -803,7 +802,7 @@ MatchIssuerKey(const SECItem& issuerKeyHash, const CERTCertificate& issuer, // Copy just the length and data pointer (nothing needs to be freed) of the // subject public key so we can convert the length from bits to bytes, which // is what the digest function expects. - SECItem spk = issuer.subjectPublicKeyInfo.subjectPublicKey; + SECItem spk = cert.subjectPublicKeyInfo.subjectPublicKey; DER_ConvertBitString(&spk); static uint8_t hashBuf[SHA1_LENGTH]; @@ -811,7 +810,7 @@ MatchIssuerKey(const SECItem& issuerKeyHash, const CERTCertificate& issuer, return der::Failure; } - match = !memcmp(hashBuf, issuerKeyHash.data, issuerKeyHash.len); + match = !memcmp(hashBuf, keyHash.data, keyHash.len); return der::Success; }