Bug 1005208: Rename issuerKeyHash to keyHash in mozilla::pkix's pkixocsp.cpp, r=mmc

--HG-- extra : rebase_source : ede4ed17cb56e3e52325ecadc2c5ded33c4a6013 extra : histedit_source : b727000e81bbc8afa6b9f8188b97065f59da45ad
2014-05-02 10:40:03 -07:00 · 2014-05-02 10:40:03 -07:00 · a46aa03484
--- a/security/pkix/lib/pkixocsp.cpp
+++ b/security/pkix/lib/pkixocsp.cpp
@ -169,9 +169,9 @@ static inline der::Result CheckExtensionsForCriticality(der::Input&);
 static inline der::Result CertID(der::Input& input,
                                  const Context& context,
                                  /*out*/ bool& match);
-static der::Result MatchIssuerKey(const SECItem& issuerKeyHash,
+static der::Result MatchKeyHash(const SECItem& issuerKeyHash,
-                                   const CERTCertificate& issuer,
+                                const CERTCertificate& issuer,
-                                   /*out*/ bool& match);
+                                /*out*/ bool& match);
 // RFC 6960 section 4.2.2.2: The OCSP responder must either be the issuer of
 // the cert or it must be a delegated OCSP response signing cert directly
@ -240,12 +240,11 @@ GetOCSPSignerCertificate(TrustDomain& trustDomain,
              != der::Success) {
          return nullptr;
        }
-        SECItem issuerKeyHash;
+        SECItem keyHash;
-        if (der::Skip(responderID, der::OCTET_STRING, issuerKeyHash) != der::Success) {
+        if (der::Skip(responderID, der::OCTET_STRING, keyHash) != der::Success) {
          return nullptr;
        }
-        if (MatchIssuerKey(issuerKeyHash, *potentialSigner.get(), match)
+        if (MatchKeyHash(keyHash, *potentialSigner.get(), match) != der::Success) {
              != der::Success) {
          return nullptr;
        }
        break;
@ -784,17 +783,17 @@ CertID(der::Input& input, const Context& context, /*out*/ bool& match)
    return der::Success;
  }
-  return MatchIssuerKey(issuerKeyHash, issuerCert, match);
+  return MatchKeyHash(issuerKeyHash, issuerCert, match);
 }
 // From http://tools.ietf.org/html/rfc6960#section-4.1.1:
 // "The hash shall be calculated over the value (excluding tag and length) of
 // the subject public key field in the issuer's certificate."
 static der::Result
-MatchIssuerKey(const SECItem& issuerKeyHash, const CERTCertificate& issuer,
+MatchKeyHash(const SECItem& keyHash, const CERTCertificate& cert,
-               /*out*/ bool& match)
+             /*out*/ bool& match)
 {
-  if (issuerKeyHash.len != SHA1_LENGTH)  {
+  if (keyHash.len != SHA1_LENGTH)  {
    return der::Fail(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
  }
@ -803,7 +802,7 @@ MatchIssuerKey(const SECItem& issuerKeyHash, const CERTCertificate& issuer,
  // Copy just the length and data pointer (nothing needs to be freed) of the
  // subject public key so we can convert the length from bits to bytes, which
  // is what the digest function expects.
-  SECItem spk = issuer.subjectPublicKeyInfo.subjectPublicKey;
+  SECItem spk = cert.subjectPublicKeyInfo.subjectPublicKey;
  DER_ConvertBitString(&spk);
  static uint8_t hashBuf[SHA1_LENGTH];
@ -811,7 +810,7 @@ MatchIssuerKey(const SECItem& issuerKeyHash, const CERTCertificate& issuer,
    return der::Failure;
  }
-  match = !memcmp(hashBuf, issuerKeyHash.data, issuerKeyHash.len);
+  match = !memcmp(hashBuf, keyHash.data, keyHash.len);
  return der::Success;
 }