In bug 286642 comment 115, we copied the DERTemplate SGNDigestInfoTemplate to lib/cryptohi and lib/softoken so that we don't need to export it from the libnssutil3 shared library. SGNDigestInfoTemplate is only used to encode a DigestInfo. It turns out that we have a SGN_EncodeDigestInfo function in lib/util/secdig.{h,c}. It's just not exported. If we export this function, we can remove the copies of SGNDigestInfoTemplate from lib/cryptohi and lib/softoken. The current implementation of SGNDigestInfoTemplate uses SEC_ASN1EncodeItem. In bug 286642 comment 115 Nelson noted that there may be some subtle difference between the way that DER_Encode and SEC_ASN1EncodeItem encode AlgorithmIDs with null parameters. To eliminate this potential issue, in the first patch attached, I re-implement SGN_EncodeDigestInfo using DER_Encode.

[Note: Nelson's comment on the encoding of AlgorithmIDs with null parameters is in bug 286642 comment 120.] The is the patch I originally proposed, which uses SEC_ASN1EncodeItem to encode DigestInfo and SignedData. It eliminates three DERTemplates, but could introduce subtle differences in encoding. I suggest that we use the first patch instead. I have a question: should SGN_EncodeDigestInfo return SECStatus or SECItem*? It returns SECItem* now, which can allocate the result SECItem for the caller if the caller passes NULL as 'dest'. Our current code doesn't use this feature.

Comment on attachment 289179 [details] [diff] [review] Implement SGN_EncodeDigestInfo using DER_Encode r=nelsonb ... with some reluctance. This patch eliminates the copy of SGNDigestInfoTemplate in Cryptohi, but does not eliminate the copy of SECAlgorithmIDTemplate. So, this doesn't really reduce cryptohi's dependence on DERTemplates much. I guess it's a minor reduction in bloat. But it adds YA function to the public interface that we must support forever. It appears to be correct.

SECAlgorithmIDTemplate is referenced by another remaining DERTemplate in cryptohi, so I can't remove it. Re: adding YA function that we must support forever: if you look at nssutil.def: SGN_CompareDigestInfo_Util; SGN_CopyDigestInfo_Util; SGN_CreateDigestInfo_Util; SGN_DecodeDigestInfo; SGN_DestroyDigestInfo_Util; +SGN_EncodeDigestInfo; You see that this new function is closely related to the functions we already export, in particular SGN_DecodeDigestInfo.

Unsetting target milestone in unresolved bugs whose targets have passed.