Closed
Bug 287418
Opened 19 years ago
Closed 19 years ago
Softoken has unnecessary memory allocations when doing DSA.
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11
People
(Reporter: rrelyea, Assigned: rrelyea)
Details
Attachments
(1 file, 1 obsolete file)
1.77 KB,
patch
|
wtc
:
review+
julien.pierre
:
superreview+
|
Details | Diff | Splinter Review |
The DSA Sign stub unnecessarily allocates a temparary buffer to hold the result from DSA_Sign. (softoken/pkcs11c.c): static SECStatus nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, unsigned int *sigLen, unsigned int maxSigLen, void *dataBuf, unsigned int dataLen) { SECItem signature = { 0 }, digest; SECStatus rv; NSSLOWKEYPrivateKey *key = (NSSLOWKEYPrivateKey *)ctx; (void)SECITEM_AllocItem(NULL, &signature, maxSigLen); digest.data = (unsigned char *)dataBuf; digest.len = dataLen; rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest); *sigLen = signature.len; PORT_Memcpy(sigBuf, signature.data, signature.len); SECITEM_FreeItem(&signature, PR_FALSE); return rv; } The function should look like: static SECStatus nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, unsigned int *sigLen, unsigned int maxSigLen, void *dataBuf, unsigned int dataLen) { SECItem signature, digest; SECStatus rv; NSSLOWKEYPrivateKey *key = (NSSLOWKEYPrivateKey *)ctx; signature.data = (unsigned char *)sigBuf; signature.len = maxSigLen; digest.data = (unsigned char *)dataBuf; digest.len = dataLen; rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest); *sigLen = signature.len; return rv; } A similiar fix should happen for ECDSA stub.
Comment 1•19 years ago
|
||
Bob, could you go ahead and check in the fix? If you want, you can attach a patch. I think the change you proposed is correct.
Assignee: wtchang → rrelyea
Version: 3.9.7 → 3.9.3
Updated•19 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
Assignee | ||
Updated•19 years ago
|
Target Milestone: --- → 3.11
Assignee | ||
Comment 2•19 years ago
|
||
Attachment #188487 -
Flags: superreview?(julien.pierre.bugs)
Attachment #188487 -
Flags: review?(wtchang)
Assignee | ||
Comment 3•19 years ago
|
||
Attachment #188487 -
Attachment is obsolete: true
Attachment #188488 -
Flags: superreview?(julien.pierre.bugs)
Attachment #188488 -
Flags: review?(wtchang)
Assignee | ||
Updated•19 years ago
|
Attachment #188487 -
Flags: superreview?(julien.pierre.bugs)
Attachment #188487 -
Flags: review?(wtchang)
Comment 4•19 years ago
|
||
Comment on attachment 188488 [details] [diff] [review] A -u version of the same patch for easier review. r=wtc.
Attachment #188488 -
Flags: review?(wtchang) → review+
Comment 5•19 years ago
|
||
Comment on attachment 188488 [details] [diff] [review] A -u version of the same patch for easier review. Looks fine. It would be even better if we had our const-ness right so we could declare DSA_SignDigest and ECDSA_SignDigest to take pointers to const keys, and signature as a const SECItem . But const done right involves painful propagation :(.
Attachment #188488 -
Flags: superreview?(julien.pierre.bugs) → superreview+
Comment 6•19 years ago
|
||
The "data" member of a const SECItem structure is still a non-const unsigned char * pointer. You need a new SECItemConst type like: typedef struct SECItemConstStr SECItemConst; struct SECItemConstStr { SECItemType type; const unsigned char *data; unsigned int len; };
Assignee | ||
Comment 7•19 years ago
|
||
Checking in pkcs11c.c; /cvsroot/mozilla/security/nss/lib/softoken/pkcs11c.c,v <-- pkcs11c.c new revision: 1.61; previous revision: 1.60 done
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•