Fix for 178895 - QuickDER optimizations. r=relyea

jpierre%netscape.com 2004-06-05 00:50:32 +00:00
Родитель b9baa999e4
Коммит 15c733be33
5 изменённых файлов: 173 добавлений и 116 удалений


@ -577,44 +577,52 @@ SECKEY_UpdateCertPQG(CERTCertificate * subjectCert)
SECStatus
SECKEY_FortezzaDecodePQGtoOld(PRArenaPool *arena, SECKEYPublicKey *pubk,
SECItem *params) {
SECStatus rv;
SECKEYPQGDualParams dual_params;
SECStatus rv;
SECKEYPQGDualParams dual_params;
SECItem newparams;
PORT_Assert(arena);
if (params == NULL) return SECFailure;
if (params->data == NULL) return SECFailure;
/* make a copy of the data into the arena so QuickDER output is valid */
rv = SECITEM_CopyItem(arena, &newparams, params);
/* Check if params use the standard format.
* The value 0xa1 will appear in the first byte of the parameter data
* if the PQG parameters are not using the standard format. This
* code should be changed to use a better method to detect non-standard
* parameters. */
if ((params->data[0] != 0xa1) &&
(params->data[0] != 0xa0)) {
if ((newparams.data[0] != 0xa1) &&
(newparams.data[0] != 0xa0)) {
if (SECSuccess == rv) {
/* PQG params are in the standard format */
/* Store DSA PQG parameters */
prepare_pqg_params_for_asn1(&pubk->u.fortezza.params);
rv = SEC_ASN1DecodeItem(arena, &pubk->u.fortezza.params,
rv = SEC_QuickDERDecodeItem(arena, &pubk->u.fortezza.params,
SECKEY_PQGParamsTemplate,
params);
&newparams);
}
if (rv == SECSuccess) {
/* Copy the DSA PQG parameters to the KEA PQG parameters. */
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.prime,
&pubk->u.fortezza.params.prime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.subPrime,
&pubk->u.fortezza.params.subPrime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.base,
&pubk->u.fortezza.params.base);
if (rv != SECSuccess) return rv;
}
if (SECSuccess == rv) {
/* Copy the DSA PQG parameters to the KEA PQG parameters. */
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.prime,
&pubk->u.fortezza.params.prime);
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.subPrime,
&pubk->u.fortezza.params.subPrime);
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.base,
&pubk->u.fortezza.params.base);
}
} else {
dual_params.CommParams.prime.len = 0;
@ -626,67 +634,79 @@ SECKEY_FortezzaDecodePQGtoOld(PRArenaPool *arena, SECKEYPublicKey *pubk,
/* else the old fortezza-only wrapped format is used. */
if (params->data[0] == 0xa1) {
rv = SEC_ASN1DecodeItem(arena, &dual_params,
SECKEY_FortezzaPreParamTemplate, params);
} else {
rv = SEC_ASN1DecodeItem(arena, &dual_params,
SECKEY_FortezzaAltPreParamTemplate, params);
if (SECSuccess == rv) {
if (newparams.data[0] == 0xa1) {
rv = SEC_QuickDERDecodeItem(arena, &dual_params,
SECKEY_FortezzaPreParamTemplate, &newparams);
} else {
rv = SEC_QuickDERDecodeItem(arena, &dual_params,
SECKEY_FortezzaAltPreParamTemplate, &newparams);
}
}
if (rv < 0) return rv;
if ( (dual_params.CommParams.prime.len > 0) &&
(dual_params.CommParams.subPrime.len > 0) &&
(dual_params.CommParams.base.len > 0) ) {
/* copy in common params */
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.prime,
&dual_params.CommParams.prime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.subPrime,
&dual_params.CommParams.subPrime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.base,
&dual_params.CommParams.base);
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.prime,
&dual_params.CommParams.prime);
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.subPrime,
&dual_params.CommParams.subPrime);
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.base,
&dual_params.CommParams.base);
}
/* Copy the DSA PQG parameters to the KEA PQG parameters. */
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.prime,
&pubk->u.fortezza.params.prime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.subPrime,
&pubk->u.fortezza.params.subPrime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.base,
&pubk->u.fortezza.params.base);
if (rv != SECSuccess) return rv;
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.prime,
&pubk->u.fortezza.params.prime);
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.subPrime,
&pubk->u.fortezza.params.subPrime);
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.base,
&pubk->u.fortezza.params.base);
}
} else {
/* else copy in different params */
/* copy DSA PQG parameters */
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.prime,
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.prime,
&dual_params.DiffParams.DiffDSAParams.prime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.subPrime,
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.subPrime,
&dual_params.DiffParams.DiffDSAParams.subPrime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.base,
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.base,
&dual_params.DiffParams.DiffDSAParams.base);
}
/* copy KEA PQG parameters */
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.prime,
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.prime,
&dual_params.DiffParams.DiffKEAParams.prime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.subPrime,
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.subPrime,
&dual_params.DiffParams.DiffKEAParams.subPrime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.base,
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.base,
&dual_params.DiffParams.DiffKEAParams.base);
}
}
}
return rv;
}
@ -699,27 +719,35 @@ SECKEY_FortezzaDecodePQGtoOld(PRArenaPool *arena, SECKEYPublicKey *pubk,
SECStatus
SECKEY_DSADecodePQG(PRArenaPool *arena, SECKEYPublicKey *pubk, SECItem *params) {
SECStatus rv;
SECKEYPQGDualParams dual_params;
SECStatus rv;
SECKEYPQGDualParams dual_params;
SECItem newparams;
if (params == NULL) return SECFailure;
if (params->data == NULL) return SECFailure;
PORT_Assert(arena);
/* make a copy of the data into the arena so QuickDER output is valid */
rv = SECITEM_CopyItem(arena, &newparams, params);
/* Check if params use the standard format.
* The value 0xa1 will appear in the first byte of the parameter data
* if the PQG parameters are not using the standard format. This
* code should be changed to use a better method to detect non-standard
* parameters. */
if ((params->data[0] != 0xa1) &&
(params->data[0] != 0xa0)) {
if ((newparams.data[0] != 0xa1) &&
(newparams.data[0] != 0xa0)) {
/* PQG params are in the standard format */
prepare_pqg_params_for_asn1(&pubk->u.dsa.params);
rv = SEC_ASN1DecodeItem(arena, &pubk->u.dsa.params,
SECKEY_PQGParamsTemplate,
params);
if (SECSuccess == rv) {
/* PQG params are in the standard format */
prepare_pqg_params_for_asn1(&pubk->u.dsa.params);
rv = SEC_QuickDERDecodeItem(arena, &pubk->u.dsa.params,
SECKEY_PQGParamsTemplate,
&newparams);
}
} else {
dual_params.CommParams.prime.len = 0;
@ -729,52 +757,57 @@ SECKEY_DSADecodePQG(PRArenaPool *arena, SECKEYPublicKey *pubk, SECItem *params)
dual_params.DiffParams.DiffDSAParams.subPrime.len = 0;
dual_params.DiffParams.DiffDSAParams.base.len = 0;
/* else the old fortezza-only wrapped format is used. */
if (params->data[0] == 0xa1) {
rv = SEC_ASN1DecodeItem(arena, &dual_params,
SECKEY_FortezzaPreParamTemplate, params);
} else {
rv = SEC_ASN1DecodeItem(arena, &dual_params,
SECKEY_FortezzaAltPreParamTemplate, params);
if (SECSuccess == rv) {
/* else the old fortezza-only wrapped format is used. */
if (newparams.data[0] == 0xa1) {
rv = SEC_QuickDERDecodeItem(arena, &dual_params,
SECKEY_FortezzaPreParamTemplate, &newparams);
} else {
rv = SEC_QuickDERDecodeItem(arena, &dual_params,
SECKEY_FortezzaAltPreParamTemplate, &newparams);
}
}
if (rv < 0) return rv;
if ( (dual_params.CommParams.prime.len > 0) &&
(dual_params.CommParams.subPrime.len > 0) &&
(dual_params.CommParams.base.len > 0) ) {
/* copy in common params */
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
&dual_params.CommParams.prime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
&dual_params.CommParams.subPrime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
&dual_params.CommParams.base);
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
&dual_params.CommParams.prime);
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
&dual_params.CommParams.subPrime);
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
&dual_params.CommParams.base);
}
} else {
/* else copy in different params */
/* copy DSA PQG parameters */
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
&dual_params.DiffParams.DiffDSAParams.prime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
&dual_params.DiffParams.DiffDSAParams.subPrime);
if (rv != SECSuccess) return rv;
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
&dual_params.DiffParams.DiffDSAParams.base);
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
&dual_params.DiffParams.DiffDSAParams.prime);
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
&dual_params.DiffParams.DiffDSAParams.subPrime);
}
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
&dual_params.DiffParams.DiffDSAParams.base);
}
}
}
return rv;
}
/* Decodes the DER encoded fortezza public key and stores the results in a
* structure of type SECKEYPublicKey. */
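Review bot: In SECKEY_FortezzaDecodePQGtoOld the new code reads `newparams.data[0]` before the result of `SECITEM_CopyItem(arena, &newparams, params)` is tested, and SECKEY_DSADecodePQG repeats the same pattern. If the copy fails, or if `params->len` is 0 (only `params->data == NULL` is rejected), `newparams.data` may be NULL when the format check dereferences it; SECITEM_CopyItem is not shown here, so this is inferred. The hunk header suggests these parameters come from certificate data, so an empty item should be treated as reachable input. Testing right after the copy, `if (rv != SECSuccess || newparams.len == 0) return SECFailure;`, closes this and makes the `if (SECSuccess == rv)` guards around the two decode calls unnecessary.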


@ -422,10 +422,10 @@ pbe_PK11AlgidToParam(SECAlgorithmID *algid,SECItem *mech)
}
if (sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(algorithm)) {
rv = SEC_ASN1DecodeItem(arena, &p5_param,
rv = SEC_QuickDERDecodeItem(arena, &p5_param,
SEC_V2PKCS12PBEParameterTemplate, &algid->parameters);
} else {
rv = SEC_ASN1DecodeItem(arena,&p5_param,SEC_PKCS5PBEParameterTemplate,
rv = SEC_QuickDERDecodeItem(arena,&p5_param,SEC_PKCS5PBEParameterTemplate,
&algid->parameters);
}
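Review bot: The switch to `SEC_QuickDERDecodeItem` in pbe_PK11AlgidToParam decodes straight from `&algid->parameters` without the arena copy this commit adds in other files ("make a copy of the data into the arena so QuickDER output is valid"), and nothing documents why that is safe here. If the QuickDER output refers to the input bytes, as that comment implies, the fields of `p5_param` are valid only while `algid` is alive and unmodified. A comment above the call would record the assumption, for example `/* QuickDER output in p5_param points into algid->parameters; algid must outlive every use of p5_param */`. The same applies to `sdrResult` and `data` in PK11SDR_Decrypt; both function bodies continue outside the hunks shown.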


@ -250,11 +250,18 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI,
SECStatus rv = SECFailure;
temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!temparena) {
goto finish;
}
pki = PORT_ArenaZNew(temparena, SECKEYPrivateKeyInfo);
if (!pki) {
goto finish;
}
pki->arena = temparena;
rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate,
rv = SEC_QuickDERDecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate,
derPKI);
if( rv != SECSuccess ) {
goto finish;
}
@ -263,9 +270,13 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI,
publicValue, isPerm, isPrivate, keyUsage, privk, wincx);
finish:
if( pki != NULL ) {
/* this zeroes the key and frees the arena */
SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/);
if( temparena != NULL ) {
if (pki) {
/* this zeroes the key and frees the arena */
SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/);
} else {
PORT_FreeArena(temparena, PR_FALSE);
}
}
return rv;
}
@ -522,12 +533,12 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
}
/* decode the private key and any algorithm parameters */
rv = SEC_ASN1DecodeItem(arena, lpk, keyTemplate, &pki->privateKey);
rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey);
if(rv != SECSuccess) {
goto loser;
}
if(paramDest && paramTemplate) {
rv = SEC_ASN1DecodeItem(arena, paramDest, paramTemplate,
rv = SEC_QuickDERDecodeItem(arena, paramDest, paramTemplate,
&(pki->algorithm.parameters));
if(rv != SECSuccess) {
goto loser;
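Review bot: In PK11_ImportDERPrivateKeyInfoAndReturnKey, `pki` is now decoded with `SEC_QuickDERDecodeItem` directly from the caller's `derPKI`, yet the `finish:` path still calls `SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE)`, which its comment says zeroes the key. If the QuickDER output points into the input, as the copy comments elsewhere in this commit imply, that zeroing would write into the caller's `derPKI` buffer rather than arena memory, and it also runs when the decode fails and `pki` is only partly filled. Copying the input into `temparena` before decoding avoids both: `rv = SECITEM_CopyItem(temparena, &derCopy, derPKI);` and then pass `&derCopy` to the decoder, with `derCopy` a new local `SECItem`. SECKEY_DestroyPrivateKeyInfo is not shown here, so confirm what it wipes.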


@ -275,7 +275,7 @@ PK11SDR_Decrypt(SECItem *data, SECItem *result, void *cx)
/* Decode the incoming data */
memset(&sdrResult, 0, sizeof sdrResult);
rv = SEC_ASN1DecodeItem(arena, &sdrResult, template, data);
rv = SEC_QuickDERDecodeItem(arena, &sdrResult, template, data);
if (rv != SECSuccess) goto loser; /* Invalid format */
/* Find the slot and key for the given keyid */


@ -34,7 +34,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: keydb.c,v 1.38 2004-04-27 23:04:38 gerv%gerv.net Exp $ */
/* $Id: keydb.c,v 1.39 2004-06-05 00:50:32 jpierre%netscape.com Exp $ */
#include "lowkeyi.h"
#include "seccomon.h"
@ -1917,10 +1917,13 @@ seckey_decrypt_private_key(NSSLOWKEYEncryptedPrivateKeyInfo *epki,
if(dest != NULL)
{
SECItem newPrivateKey;
SECItem newAlgParms;
SEC_PRINT("seckey_decrypt_private_key()", "PrivateKeyInfo", -1,
dest);
rv = SEC_ASN1DecodeItem(temparena, pki,
rv = SEC_QuickDERDecodeItem(temparena, pki,
nsslowkey_PrivateKeyInfoTemplate, dest);
if(rv == SECSuccess)
{
@ -1929,29 +1932,37 @@ seckey_decrypt_private_key(NSSLOWKEYEncryptedPrivateKeyInfo *epki,
case SEC_OID_PKCS1_RSA_ENCRYPTION:
pk->keyType = NSSLOWKEYRSAKey;
prepare_low_rsa_priv_key_for_asn1(pk);
rv = SEC_ASN1DecodeItem(permarena, pk,
if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
&pki->privateKey) ) break;
rv = SEC_QuickDERDecodeItem(permarena, pk,
nsslowkey_RSAPrivateKeyTemplate,
&pki->privateKey);
&newPrivateKey);
break;
case SEC_OID_ANSIX9_DSA_SIGNATURE:
pk->keyType = NSSLOWKEYDSAKey;
prepare_low_dsa_priv_key_for_asn1(pk);
rv = SEC_ASN1DecodeItem(permarena, pk,
if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
&pki->privateKey) ) break;
rv = SEC_QuickDERDecodeItem(permarena, pk,
nsslowkey_DSAPrivateKeyTemplate,
&pki->privateKey);
&newPrivateKey);
if (rv != SECSuccess)
goto loser;
prepare_low_pqg_params_for_asn1(&pk->u.dsa.params);
rv = SEC_ASN1DecodeItem(permarena, &pk->u.dsa.params,
if (SECSuccess != SECITEM_CopyItem(permarena, &newAlgParms,
&pki->algorithm.parameters) ) break;
rv = SEC_QuickDERDecodeItem(permarena, &pk->u.dsa.params,
nsslowkey_PQGParamsTemplate,
&pki->algorithm.parameters);
&newAlgParms);
break;
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
pk->keyType = NSSLOWKEYDHKey;
prepare_low_dh_priv_key_for_asn1(pk);
rv = SEC_ASN1DecodeItem(permarena, pk,
if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
&pki->privateKey) ) break;
rv = SEC_QuickDERDecodeItem(permarena, pk,
nsslowkey_DHPrivateKeyTemplate,
&pki->privateKey);
&newPrivateKey);
break;
#ifdef NSS_ENABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
@ -1961,9 +1972,11 @@ seckey_decrypt_private_key(NSSLOWKEYEncryptedPrivateKeyInfo *epki,
fordebug = &pki->privateKey;
SEC_PRINT("seckey_decrypt_private_key()", "PrivateKey",
pk->keyType, fordebug);
rv = SEC_ASN1DecodeItem(permarena, pk,
if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
&pki->privateKey) ) break;
rv = SEC_QuickDERDecodeItem(permarena, pk,
nsslowkey_ECPrivateKeyTemplate,
&pki->privateKey);
&newPrivateKey);
if (rv != SECSuccess)
goto loser;
@ -2059,7 +2072,7 @@ seckey_decode_encrypted_private_key(NSSLOWKEYDBKey *dbkey, SECItem *pwitem)
goto loser;
}
rv = SEC_ASN1DecodeItem(temparena, epki,
rv = SEC_QuickDERDecodeItem(temparena, epki,
nsslowkey_EncryptedPrivateKeyInfoTemplate,
&(dbkey->derPK));
if(rv != SECSuccess) {
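Review bot: In seckey_decrypt_private_key, each new `if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey, &pki->privateKey) ) break;` leaves `rv` at the `SECSuccess` it held on entry to the switch, so a failed copy is not reported as a failure. The same holds for the `newAlgParms` copy in the DSA case, which breaks after a successful key decode, and for the copy in the EC case. Assign the result instead: `rv = SECITEM_CopyItem(permarena, &newPrivateKey, &pki->privateKey);` followed by `if (rv != SECSuccess) break;`. The code after the switch is outside the hunks, so whether a later check catches the undecoded `pk` cannot be confirmed from here.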