Closed
Bug 287418
Opened 20 years ago
Closed 20 years ago
Softoken has unnecessary memory allocations when doing DSA.
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11
People
(Reporter: rrelyea, Assigned: rrelyea)
Details
Attachments
(1 file, 1 obsolete file)
|
1.77 KB,
patch
|
wtc
:
review+
julien.pierre
:
superreview+
|
Details | Diff | Splinter Review |
The DSA Sign stub unnecessarily allocates a temparary buffer to hold the result
from DSA_Sign. (softoken/pkcs11c.c):
static SECStatus
nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
unsigned int *sigLen, unsigned int maxSigLen,
void *dataBuf, unsigned int dataLen)
{
SECItem signature = { 0 }, digest;
SECStatus rv;
NSSLOWKEYPrivateKey *key = (NSSLOWKEYPrivateKey *)ctx;
(void)SECITEM_AllocItem(NULL, &signature, maxSigLen);
digest.data = (unsigned char *)dataBuf;
digest.len = dataLen;
rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest);
*sigLen = signature.len;
PORT_Memcpy(sigBuf, signature.data, signature.len);
SECITEM_FreeItem(&signature, PR_FALSE);
return rv;
}
The function should look like:
static SECStatus
nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
unsigned int *sigLen, unsigned int maxSigLen,
void *dataBuf, unsigned int dataLen)
{
SECItem signature, digest;
SECStatus rv;
NSSLOWKEYPrivateKey *key = (NSSLOWKEYPrivateKey *)ctx;
signature.data = (unsigned char *)sigBuf;
signature.len = maxSigLen;
digest.data = (unsigned char *)dataBuf;
digest.len = dataLen;
rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest);
*sigLen = signature.len;
return rv;
}
A similiar fix should happen for ECDSA stub.
|
||
Comment 1•20 years ago
|
||
Bob, could you go ahead and check in the fix? If
you want, you can attach a patch. I think the
change you proposed is correct.
Assignee: wtchang → rrelyea
Version: 3.9.7 → 3.9.3
|
||
Updated•20 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
|
Assignee | |
Updated•20 years ago
|
Target Milestone: --- → 3.11
|
|
Assignee | |
Comment 2•20 years ago
|
||
Attachment #188487 -
Flags: superreview?(julien.pierre.bugs)
Attachment #188487 -
Flags: review?(wtchang)
|
|
Assignee | |
Comment 3•20 years ago
|
||
Attachment #188487 -
Attachment is obsolete: true
Attachment #188488 -
Flags: superreview?(julien.pierre.bugs)
Attachment #188488 -
Flags: review?(wtchang)
|
|
Assignee | |
Updated•20 years ago
|
Attachment #188487 -
Flags: superreview?(julien.pierre.bugs)
Attachment #188487 -
Flags: review?(wtchang)
|
|
||
Comment 4•20 years ago
|
||
Comment on attachment 188488 [details] [diff] [review]
A -u version of the same patch for easier review.
r=wtc.
Attachment #188488 -
Flags: review?(wtchang) → review+
|
|
||
Comment 5•20 years ago
|
||
Comment on attachment 188488 [details] [diff] [review]
A -u version of the same patch for easier review.
Looks fine. It would be even better if we had our const-ness right so we could
declare DSA_SignDigest and ECDSA_SignDigest to take pointers to const keys, and
signature as a const SECItem . But const done right involves painful
propagation :(.
Attachment #188488 -
Flags: superreview?(julien.pierre.bugs) → superreview+
|
|
||
Comment 6•20 years ago
|
||
The "data" member of a const SECItem structure
is still a non-const unsigned char * pointer.
You need a new SECItemConst type like:
typedef struct SECItemConstStr SECItemConst;
struct SECItemConstStr {
SECItemType type;
const unsigned char *data;
unsigned int len;
};
|
|
Assignee | |
Comment 7•20 years ago
|
||
Checking in pkcs11c.c;
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11c.c,v <-- pkcs11c.c
new revision: 1.61; previous revision: 1.60
done
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•