зеркало из https://github.com/mozilla/gecko-dev.git
af0ce9fbd6
Calling VFY_VerifyDigestDirect causes the provided SECKEYPublicKey to be reimported to the softoken regardless of if it already exists on it. EC keys must be verified upon import (to see if the point is on the curve to avoid some small subgroup attacks), and so repeatedly doing this with a static key (say, for example, a key corresponding to a built-in certificate transparency log) is inefficient. This patch alters the certificate transparency implementation to import these keys each once and then use PK11_Verify for ECDSA signature verification, which doesn't have the same drawback. Since this change causes CertVerifier to hold an NSS resource (via its MultiLogCTVerifier having a list of CTLogVerifier, each of which now has a SECKEYPublicKey), nsNSSComponent has to make sure it goes away before shutting down NSS. This patch ensures this happens in nsNSSComponent::ShutdownNSS(). MozReview-Commit-ID: 6VSmz7S53y2 --HG-- extra : rebase_source : 4994db9de80a6c1aec3d7e322ff30d040140ce92 |
||
|---|---|---|
| .. | ||
| CTDiversityPolicyTest.cpp | ||
| CTLogVerifierTest.cpp | ||
| CTObjectsExtractorTest.cpp | ||
| CTPolicyEnforcerTest.cpp | ||
| CTSerializationTest.cpp | ||
| CTTestUtils.cpp | ||
| CTTestUtils.h | ||
| MultiLogCTVerifierTest.cpp | ||
| moz.build | ||