Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-23 12:51:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1372418 - certificate transparency: remove unnecessary cached EC keys r=jschanck

Browse Source 
These are unnecessary as of bug 1918279 (caching the results of signature
verification).

Differential Revision: https://phabricator.services.mozilla.com/D223776
This commit is contained in:
Dana Keeler 2024-09-26 20:53:48 +00:00
parent e3f8ee694f
commit efe465e758
2 changed files with 0 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
security/ct/CTLogVerifier.cpp
View File

@ -130,32 +130,6 @@ pkix::Result CTLogVerifier::Init(Input subjectPublicKeyInfo) {
InputToBuffer(subjectPublicKeyInfo, mSubjectPublicKeyInfo); InputToBuffer(subjectPublicKeyInfo, mSubjectPublicKeyInfo);
if (mSignatureAlgorithm == DigitallySigned::SignatureAlgorithm::ECDSA) {
SECItem spkiSECItem = {
siBuffer, mSubjectPublicKeyInfo.data(),
static_cast<unsigned int>(mSubjectPublicKeyInfo.size())};
UniqueCERTSubjectPublicKeyInfo spki(
SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiSECItem));
if (!spki) {
return MapPRErrorCodeToResult(PR_GetError());
}
mPublicECKey.reset(SECKEY_ExtractPublicKey(spki.get()));
if (!mPublicECKey) {
return MapPRErrorCodeToResult(PR_GetError());
}
UniquePK11SlotInfo slot(PK11_GetInternalSlot());
if (!slot) {
return MapPRErrorCodeToResult(PR_GetError());
}
CK_OBJECT_HANDLE handle =
PK11_ImportPublicKey(slot.get(), mPublicECKey.get(), false);
if (handle == CK_INVALID_HANDLE) {
return MapPRErrorCodeToResult(PR_GetError());
}
} else {
mPublicECKey.reset(nullptr);
}
mKeyId.resize(SHA256_LENGTH); mKeyId.resize(SHA256_LENGTH);
rv = DigestBufNSS(subjectPublicKeyInfo, DigestAlgorithm::sha256, rv = DigestBufNSS(subjectPublicKeyInfo, DigestAlgorithm::sha256,
mKeyId.data(), mKeyId.size()); mKeyId.data(), mKeyId.size());

7
security/ct/CTLogVerifier.h
View File

@ -7,8 +7,6 @@
#ifndef CTLogVerifier_h #ifndef CTLogVerifier_h
#define CTLogVerifier_h #define CTLogVerifier_h
#include <memory>
#include "CTKnownLogs.h" #include "CTKnownLogs.h"
#include "CTLog.h" #include "CTLog.h"
#include "CTUtils.h" #include "CTUtils.h"
@ -72,11 +70,6 @@ class CTLogVerifier {
pkix::Result VerifySignature(const Buffer& data, const Buffer& signature, pkix::Result VerifySignature(const Buffer& data, const Buffer& signature,
SignatureCache* signatureCache); SignatureCache* signatureCache);
// mPublicECKey works around an architectural deficiency in NSS. In the case
// of EC, if we don't create, import, and cache this key, NSS will import and
// verify it every signature verification, which is slow. For RSA, this is
// unused and will be null.
UniqueSECKEYPublicKey mPublicECKey;
Buffer mSubjectPublicKeyInfo; Buffer mSubjectPublicKeyInfo;
Buffer mKeyId; Buffer mKeyId;
DigitallySigned::SignatureAlgorithm mSignatureAlgorithm; DigitallySigned::SignatureAlgorithm mSignatureAlgorithm;