Update third_party/nss to NSS 3.15.4.

nss/lib/certdb/cert.h

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * cert.h - public data structures and prototypes for the certificate library
  */
 
 #ifndef _CERT_H_
 #define _CERT_H_
@@ skipping 1200 matching lines @@
 
 CERTCertList *
 CERT_MatchUserCert(CERTCertDBHandle *handle,
                    SECCertUsage usage,
                    int nCANames, char **caNames,
                    void *proto_win);
 
 CERTCertList *
 CERT_NewCertList(void);
 
+/* free the cert list and all the certs in the list */
 void
 CERT_DestroyCertList(CERTCertList *certs);
 
 /* remove the node and free the cert */
 void
 CERT_RemoveCertListNode(CERTCertListNode *node);
 
+/* equivalent to CERT_AddCertToListTailWithData(certs, cert, NULL) */
 SECStatus
 CERT_AddCertToListTail(CERTCertList *certs, CERTCertificate *cert);
 
+/* equivalent to CERT_AddCertToListHeadWithData(certs, cert, NULL) */
 SECStatus
 CERT_AddCertToListHead(CERTCertList *certs, CERTCertificate *cert);
 
+/*
+ * The new cert list node takes ownership of "cert". "cert" is freed
+ * when the list node is removed.
+ */
 SECStatus
 CERT_AddCertToListTailWithData(CERTCertList *certs, CERTCertificate *cert,
                                                          void *appData);
 
+/*
+ * The new cert list node takes ownership of "cert". "cert" is freed
+ * when the list node is removed.
+ */
 SECStatus
 CERT_AddCertToListHeadWithData(CERTCertList *certs, CERTCertificate *cert,
                                                          void *appData);
 
 typedef PRBool (* CERTSortCallback)(CERTCertificate *certa,
                                     CERTCertificate *certb,
                                     void *arg);
 SECStatus
 CERT_AddCertToListSorted(CERTCertList *certs, CERTCertificate *cert,
                          CERTSortCallback f, void *arg);
@@ skipping 238 matching lines @@
 CERT_LockCertTrust(const CERTCertificate *cert);
 
 /*
  * Free the cert trust lock
  */
 void
 CERT_UnlockCertTrust(const CERTCertificate *cert);
 
 /*
  * Digest the cert's subject public key using the specified algorithm.
+ * NOTE: this digests the value of the BIT STRING subjectPublicKey (excluding
+ * the tag, length, and number of unused bits) rather than the whole
+ * subjectPublicKeyInfo field.
+ *
  * The necessary storage for the digest data is allocated.  If "fill" is
  * non-null, the data is put there, otherwise a SECItem is allocated.
  * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
  * results in a NULL being returned (and an appropriate error set).
  */ 
 extern SECItem *
-CERT_GetSPKIDigest(PLArenaPool *arena, const CERTCertificate *cert,
-                   SECOidTag digestAlg, SECItem *fill);
+CERT_GetSubjectPublicKeyDigest(PLArenaPool *arena, const CERTCertificate *cert,
+                               SECOidTag digestAlg, SECItem *fill);
 
+/*
+ * Digest the cert's subject name using the specified algorithm.
+ */
+extern SECItem *
+CERT_GetSubjectNameDigest(PLArenaPool *arena, const CERTCertificate *cert,
+                          SECOidTag digestAlg, SECItem *fill);
 
 SECStatus CERT_CheckCRL(CERTCertificate* cert, CERTCertificate* issuer,
                         const SECItem* dp, PRTime t, void* wincx);
 
 
 /*
  * Add a CERTNameConstraint to the CERTNameConstraint list
  */
 extern CERTNameConstraint *
 CERT_AddNameConstraint(CERTNameConstraint *list, 
@@ skipping 131 matching lines @@
 /*
  * Destroy the arrays inside flags,
  * and destroy the object pointed to by flags, too.
  */
 extern void
 CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags);
 
 SEC_END_PROTOS
 
 #endif /* _CERT_H_ */