Closed
Bug 287418
Opened 19 years ago
Closed 19 years ago
Softoken has unnecessary memory allocations when doing DSA.
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11
People
(Reporter: rrelyea, Assigned: rrelyea)
Details
Attachments
(1 file, 1 obsolete file)
|
1.77 KB,
patch
|
wtc
:
review+
julien.pierre
:
superreview+
|
Details | Diff | Splinter Review |
The DSA Sign stub unnecessarily allocates a temparary buffer to hold the result
from DSA_Sign. (softoken/pkcs11c.c):
static SECStatus
nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
unsigned int *sigLen, unsigned int maxSigLen,
void *dataBuf, unsigned int dataLen)
{
SECItem signature = { 0 }, digest;
SECStatus rv;
NSSLOWKEYPrivateKey *key = (NSSLOWKEYPrivateKey *)ctx;
(void)SECITEM_AllocItem(NULL, &signature, maxSigLen);
digest.data = (unsigned char *)dataBuf;
digest.len = dataLen;
rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest);
*sigLen = signature.len;
PORT_Memcpy(sigBuf, signature.data, signature.len);
SECITEM_FreeItem(&signature, PR_FALSE);
return rv;
}
The function should look like:
static SECStatus
nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
unsigned int *sigLen, unsigned int maxSigLen,
void *dataBuf, unsigned int dataLen)
{
SECItem signature, digest;
SECStatus rv;
NSSLOWKEYPrivateKey *key = (NSSLOWKEYPrivateKey *)ctx;
signature.data = (unsigned char *)sigBuf;
signature.len = maxSigLen;
digest.data = (unsigned char *)dataBuf;
digest.len = dataLen;
rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest);
*sigLen = signature.len;
return rv;
}
A similiar fix should happen for ECDSA stub.
|
||
Comment 1•19 years ago
|
||
Bob, could you go ahead and check in the fix? If you want, you can attach a patch. I think the change you proposed is correct.
Assignee: wtchang → rrelyea
Version: 3.9.7 → 3.9.3
|
||
Updated•19 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
|
Assignee | |
Updated•19 years ago
|
Target Milestone: --- → 3.11
|
|
Assignee | |
Comment 2•19 years ago
|
||
Attachment #188487 -
Flags: superreview?(julien.pierre.bugs)
Attachment #188487 -
Flags: review?(wtchang)
|
|
Assignee | |
Comment 3•19 years ago
|
||
Attachment #188487 -
Attachment is obsolete: true
Attachment #188488 -
Flags: superreview?(julien.pierre.bugs)
Attachment #188488 -
Flags: review?(wtchang)
|
|
Assignee | |
Updated•19 years ago
|
Attachment #188487 -
Flags: superreview?(julien.pierre.bugs)
Attachment #188487 -
Flags: review?(wtchang)
|
|
||
Comment 4•19 years ago
|
||
Comment on attachment 188488 [details] [diff] [review] A -u version of the same patch for easier review. r=wtc.
Attachment #188488 -
Flags: review?(wtchang) → review+
|
||
Comment 5•19 years ago
|
||
Comment on attachment 188488 [details] [diff] [review] A -u version of the same patch for easier review. Looks fine. It would be even better if we had our const-ness right so we could declare DSA_SignDigest and ECDSA_SignDigest to take pointers to const keys, and signature as a const SECItem . But const done right involves painful propagation :(.
Attachment #188488 -
Flags: superreview?(julien.pierre.bugs) → superreview+
|
|
||
Comment 6•19 years ago
|
||
The "data" member of a const SECItem structure
is still a non-const unsigned char * pointer.
You need a new SECItemConst type like:
typedef struct SECItemConstStr SECItemConst;
struct SECItemConstStr {
SECItemType type;
const unsigned char *data;
unsigned int len;
};|
|
Assignee | |
Comment 7•19 years ago
|
||
Checking in pkcs11c.c; /cvsroot/mozilla/security/nss/lib/softoken/pkcs11c.c,v <-- pkcs11c.c new revision: 1.61; previous revision: 1.60 done
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•