зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1005208: Rename issuerKeyHash to keyHash in mozilla::pkix's pkixocsp.cpp, r=mmc
--HG-- extra : rebase_source : ede4ed17cb56e3e52325ecadc2c5ded33c4a6013 extra : histedit_source : b727000e81bbc8afa6b9f8188b97065f59da45ad
This commit is contained in:
Родитель
20a90d85b4
Коммит
a46aa03484
|
@ -169,7 +169,7 @@ static inline der::Result CheckExtensionsForCriticality(der::Input&);
|
|||
static inline der::Result CertID(der::Input& input,
|
||||
const Context& context,
|
||||
/*out*/ bool& match);
|
||||
static der::Result MatchIssuerKey(const SECItem& issuerKeyHash,
|
||||
static der::Result MatchKeyHash(const SECItem& issuerKeyHash,
|
||||
const CERTCertificate& issuer,
|
||||
/*out*/ bool& match);
|
||||
|
||||
|
@ -240,12 +240,11 @@ GetOCSPSignerCertificate(TrustDomain& trustDomain,
|
|||
!= der::Success) {
|
||||
return nullptr;
|
||||
}
|
||||
SECItem issuerKeyHash;
|
||||
if (der::Skip(responderID, der::OCTET_STRING, issuerKeyHash) != der::Success) {
|
||||
SECItem keyHash;
|
||||
if (der::Skip(responderID, der::OCTET_STRING, keyHash) != der::Success) {
|
||||
return nullptr;
|
||||
}
|
||||
if (MatchIssuerKey(issuerKeyHash, *potentialSigner.get(), match)
|
||||
!= der::Success) {
|
||||
if (MatchKeyHash(keyHash, *potentialSigner.get(), match) != der::Success) {
|
||||
return nullptr;
|
||||
}
|
||||
break;
|
||||
|
@ -784,17 +783,17 @@ CertID(der::Input& input, const Context& context, /*out*/ bool& match)
|
|||
return der::Success;
|
||||
}
|
||||
|
||||
return MatchIssuerKey(issuerKeyHash, issuerCert, match);
|
||||
return MatchKeyHash(issuerKeyHash, issuerCert, match);
|
||||
}
|
||||
|
||||
// From http://tools.ietf.org/html/rfc6960#section-4.1.1:
|
||||
// "The hash shall be calculated over the value (excluding tag and length) of
|
||||
// the subject public key field in the issuer's certificate."
|
||||
static der::Result
|
||||
MatchIssuerKey(const SECItem& issuerKeyHash, const CERTCertificate& issuer,
|
||||
MatchKeyHash(const SECItem& keyHash, const CERTCertificate& cert,
|
||||
/*out*/ bool& match)
|
||||
{
|
||||
if (issuerKeyHash.len != SHA1_LENGTH) {
|
||||
if (keyHash.len != SHA1_LENGTH) {
|
||||
return der::Fail(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
|
||||
}
|
||||
|
||||
|
@ -803,7 +802,7 @@ MatchIssuerKey(const SECItem& issuerKeyHash, const CERTCertificate& issuer,
|
|||
// Copy just the length and data pointer (nothing needs to be freed) of the
|
||||
// subject public key so we can convert the length from bits to bytes, which
|
||||
// is what the digest function expects.
|
||||
SECItem spk = issuer.subjectPublicKeyInfo.subjectPublicKey;
|
||||
SECItem spk = cert.subjectPublicKeyInfo.subjectPublicKey;
|
||||
DER_ConvertBitString(&spk);
|
||||
|
||||
static uint8_t hashBuf[SHA1_LENGTH];
|
||||
|
@ -811,7 +810,7 @@ MatchIssuerKey(const SECItem& issuerKeyHash, const CERTCertificate& issuer,
|
|||
return der::Failure;
|
||||
}
|
||||
|
||||
match = !memcmp(hashBuf, issuerKeyHash.data, issuerKeyHash.len);
|
||||
match = !memcmp(hashBuf, keyHash.data, keyHash.len);
|
||||
return der::Success;
|
||||
}
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче