Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(68)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: crypto/ec_signature_creator_nss.cc

Issue 9302016: Fix an SECItem leak in the new ECSignatureCreator class. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Eliminate arena and rebase onto master. Created 8 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "crypto/ec_signature_creator.h" 5 #include "crypto/ec_signature_creator.h"
6 6
7 #include <cryptohi.h> 7 #include <cryptohi.h>
8 #include <pk11pub.h> 8 #include <pk11pub.h>
9 #include <secerr.h> 9 #include <secerr.h>
10 #include <sechash.h> 10 #include <sechash.h>
11 11
12 #include "base/logging.h" 12 #include "base/logging.h"
13 #include "crypto/ec_private_key.h" 13 #include "crypto/ec_private_key.h"
14 #include "crypto/nss_util.h" 14 #include "crypto/nss_util.h"
15 #include "crypto/scoped_nss_types.h" 15 #include "crypto/scoped_nss_types.h"
16 16
17 namespace crypto { 17 namespace crypto {
18 18
19 namespace { 19 namespace {
20 20
21 SECStatus SignData(PLArenaPool* arena, 21 SECStatus SignData(SECItem* result,
22 SECItem* result,
23 SECItem* input, 22 SECItem* input,
24 SECKEYPrivateKey* key, 23 SECKEYPrivateKey* key,
25 HASH_HashType hash_type) { 24 HASH_HashType hash_type) {
26 if (key->keyType != ecKey) { 25 if (key->keyType != ecKey) {
27 DLOG(FATAL) << "Should be using an EC key."; 26 DLOG(FATAL) << "Should be using an EC key.";
28 PORT_SetError(SEC_ERROR_INVALID_ARGS); 27 PORT_SetError(SEC_ERROR_INVALID_ARGS);
29 return SECFailure; 28 return SECFailure;
30 } 29 }
31 30
32 // Hash the input. 31 // Hash the input.
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
65 64
66 bool ECSignatureCreator::Sign(const uint8* data, 65 bool ECSignatureCreator::Sign(const uint8* data,
67 int data_len, 66 int data_len,
68 std::vector<uint8>* signature) { 67 std::vector<uint8>* signature) {
69 // Data to be signed 68 // Data to be signed
70 SECItem secret; 69 SECItem secret;
71 secret.type = siBuffer; 70 secret.type = siBuffer;
72 secret.len = data_len; 71 secret.len = data_len;
73 secret.data = const_cast<unsigned char*>(data); 72 secret.data = const_cast<unsigned char*>(data);
74 73
75 // |arena| is used to encode the cert. 74 // SECItem to receive the output buffer.
76 crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); 75 SECItem result;
77 CHECK(arena.get() != NULL); 76 result.type = siBuffer;
78 77 result.len = 0;
79 // Allocate space to contain the signed data. 78 result.data = NULL;
80 SECItem* result = SECITEM_AllocItem(arena.get(), NULL, 0);
81 if (!result) {
82 DLOG(ERROR) << "Unable to allocate space for signed data.";
83 return false;
84 }
85 79
86 // Sign the secret data and save it to |result|. 80 // Sign the secret data and save it to |result|.
87 SECStatus rv = 81 SECStatus rv =
88 SignData(arena.get(), result, &secret, key_->key(), HASH_AlgSHA1); 82 SignData(&result, &secret, key_->key(), HASH_AlgSHA1);
89 if (rv != SECSuccess) { 83 if (rv != SECSuccess) {
90 DLOG(ERROR) << "DerSignData: " << PORT_GetError(); 84 DLOG(ERROR) << "DerSignData: " << PORT_GetError();
91 return false; 85 return false;
92 } 86 }
93 87
94 // Copy the signed data into the output vector. 88 // Copy the signed data into the output vector.
95 signature->assign(result->data, result->data + result->len); 89 signature->assign(result.data, result.data + result.len);
90 SECITEM_FreeItem(&result, PR_FALSE /* only free |result.data| */);
wtc 2012/01/31 18:43:57 You can also just do PORT_Free(result.data); to
96 return true; 91 return true;
97 } 92 }
98 93
99 } // namespace crypto 94 } // namespace crypto
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698