diff options
author | julien.pierre.bugs%sun.com <devnull@localhost> | 2005-02-24 00:38:23 +0000 |
---|---|---|
committer | julien.pierre.bugs%sun.com <devnull@localhost> | 2005-02-24 00:38:23 +0000 |
commit | 140e16e65d5b73d83746aa61a8fe924a51efe5a8 (patch) | |
tree | d14b5cd9e04a22e1296d7915715f03e3e8e6b326 | |
parent | c375de776a4f229a96c4d965ce45ba4cc5bad26a (diff) | |
download | nss-hg-140e16e65d5b73d83746aa61a8fe924a51efe5a8.tar.gz |
Fix for 269581 - cache the value of CKA_PRIVATE on private keys to avoid unnecessary C_GetAttributeValue . Also fix i
ncorrect logic in attribute tests. r=rrelyea,wtchang
-rw-r--r-- | security/nss/lib/nss/nss.def | 2 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11obj.c | 4 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11skey.c | 6 | ||||
-rw-r--r-- | security/nss/lib/ssl/sslsecur.c | 1 |
4 files changed, 7 insertions, 6 deletions
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index 04432e7fe..02f461290 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -252,7 +252,6 @@ PORT_FreeArena; PORT_NewArena; PORT_Realloc; PORT_ZAlloc; -PORT_ZFree; RSA_FormatBlock; SECITEM_CompareItem; SECKEY_CreateRSAPrivateKey; @@ -830,6 +829,7 @@ HASH_Clone; HASH_HashBuf; HASH_ResultLenByOidTag; HASH_ResultLenContext; +SECKEY_CacheStaticFlags; SECOID_AddEntry; ;+ local: ;+ *; diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c index bb062a308..1505beac8 100644 --- a/security/nss/lib/pk11wrap/pk11obj.c +++ b/security/nss/lib/pk11wrap/pk11obj.c @@ -673,7 +673,7 @@ PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash) mech.mechanism = pk11_mapSignKeyType(key->keyType); - if (!PK11_HasAttributeSet(slot,key->pkcs11ID,CKA_PRIVATE)) { + if (SECKEY_HAS_ATTRIBUTE_SET(key,CKA_PRIVATE)) { PK11_HandlePasswordCheck(slot, key->wincx); } @@ -726,7 +726,7 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, * decryption? .. because the user may have asked for 'ask always' * and this is a private key operation. In practice, thought, it's mute * since only servers wind up using this function */ - if (!PK11_HasAttributeSet(slot,key->pkcs11ID,CKA_PRIVATE)) { + if (SECKEY_HAS_ATTRIBUTE_SET(key,CKA_PRIVATE)) { PK11_HandlePasswordCheck(slot, key->wincx); } session = pk11_GetNewSession(slot,&owner); diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c index 4aad6fc32..09047e287 100644 --- a/security/nss/lib/pk11wrap/pk11skey.c +++ b/security/nss/lib/pk11wrap/pk11skey.c @@ -1877,7 +1877,7 @@ PK11_PubUnwrapSymKey(SECKEYPrivateKey *wrappingKey, SECItem *wrappedKey, CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType); PK11SlotInfo *slot = wrappingKey->pkcs11Slot; - if (!PK11_HasAttributeSet(slot,wrappingKey->pkcs11ID,CKA_PRIVATE)) { + if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey,CKA_PRIVATE)) { PK11_HandlePasswordCheck(slot,wrappingKey->wincx); } @@ -1900,7 +1900,7 @@ PK11_PubUnwrapSymKeyWithFlags(SECKEYPrivateKey *wrappingKey, templateCount = pk11_FlagsToAttributes(flags, keyTemplate, &ckTrue); - if (!PK11_HasAttributeSet(slot,wrappingKey->pkcs11ID,CKA_PRIVATE)) { + if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey,CKA_PRIVATE)) { PK11_HandlePasswordCheck(slot,wrappingKey->wincx); } @@ -1930,7 +1930,7 @@ PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey, templateCount += pk11_FlagsToAttributes(flags, attrs, &cktrue); - if (!PK11_HasAttributeSet(slot,wrappingKey->pkcs11ID,CKA_PRIVATE)) { + if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey,CKA_PRIVATE)) { PK11_HandlePasswordCheck(slot,wrappingKey->wincx); } diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c index ae34cb2d3..4aedc724a 100644 --- a/security/nss/lib/ssl/sslsecur.c +++ b/security/nss/lib/ssl/sslsecur.c @@ -675,6 +675,7 @@ SSL_ConfigSecureServer(PRFileDesc *fd, CERTCertificate *cert, sc->serverKey = SECKEY_CopyPrivateKey(key); if (sc->serverKey == NULL) goto loser; + SECKEY_CacheStaticFlags(sc->serverKey); } if (kea == kt_rsa) { |