Closed Bug 1307459 Opened 8 years ago Closed 8 years ago

ExtendedValidation.cpp:myTrustedEVInfos creates static constructors on Linux/Android

Categories

(Core :: Security: PSM, defect, P2)

defect

Tracking

()

RESOLVED WORKSFORME
Tracking Status
firefox52 --- affected

People

(Reporter: froydnj, Unassigned)

References

Details

(Whiteboard: [psm-blocked])

Why bug 1289455 removed manual CERT_DestroyCertificate calls in favor of UniqueCERTCertificate, one non-obvious side effect was to make |struct nsMyTrustedEVInfo| in ExtendedValidation.cpp a non-POD structure, as UniqueCERTCertificate has user-defined constructors.  On some compilers, this change causes a static constructor to be generated for the myTrustedEVInfos array.  On x86-64 Linux, for instance, we have a 24K function just to initialize the array:

   385: 0000000000000000 23674 FUNC    LOCAL  DEFAULT  540 _GLOBAL__sub_I_Unified_cpp_certverifier0.cpp

(This is partly because the code to initialize the array is completely awful, but still.)  It would be really nice if we didn't have to do this.

Unfortunately, the usual trick that I turn to in this situation (constexpr constructors for the non-POD thing in question) doesn't seem to work; GCC still generates a static constructor.

The other alternative I thought of was to have two arrays, one with all the constant information (oid bits, fingerprint, base64 pointers), and then the certs can be stored off to the side in a separate array.  The separate array should at least result in a smaller static constructor.  It makes the code a bit more complicated, but maybe that's acceptable here.  Bug 1289455 comment 2 sounds like we don't even need to store the certificate in this array, but I don't know how to do that--but am willing to try with appropriate help.

David: thoughts, ideas?
Flags: needinfo?(dkeeler)
(In reply to Nathan Froyd [:froydnj] from comment #0)
> Bug 1289455 comment 2 sounds like we don't even need to store the certificate in this array, but
> I don't know how to do that--but am willing to try with appropriate help.

FWIW, I have a WIP attached to Bug 1296214 that implements this (I should've mentioned the bug number in Bug 1289455, but oh well). I can drive it to completion if it solves this bug.
Yep - I think bug 1296214 is the way to go here.
Depends on: 1296214
Flags: needinfo?(dkeeler)
Priority: -- → P2
Whiteboard: [psm-blocked]
froydnj: Is this fixed now that Bug 1296214 is?
Flags: needinfo?(nfroyd)
(In reply to :Cykesiopka from comment #3)
> froydnj: Is this fixed now that Bug 1296214 is?

This is!  Thank you for finishing off that bug.
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(nfroyd)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.