Don't need to copy the challenge data before calling DER_Encode because

DER_Encode will copy it. Document the GenKeyAndSignChallenge function. R=mattm,davidben BUG=148 TEST=none Review URL: http://codereview.chromium.org/2866011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50682 0039d316-1c4b-4281-b951-d872f2087c98

Don't need to copy the challenge data before calling DER_Encode because
DER_Encode will copy it. Document the GenKeyAndSignChallenge function. R=mattm,davidben BUG=148 TEST=none Review URL: http://codereview.chromium.org/2866011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50682 0039d316-1c4b-4281-b951-d872f2087c98
270d97d0 · wtc@chromium.org · 2ccd1297 · 270d97d0 · 270d97d0
Commit 270d97d0 authored 14 years ago by wtc@chromium.org
--- a/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp
+++ b/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp
@@ -123,7 +123,6 @@ std::string GenKeyAndSignChallenge(int key_size_in_bits,
  SECItem signedItem;
  CERTPublicKeyAndChallenge pkac;
  void *keyGenParams;
-  pkac.challenge.data = NULL;
  bool isSuccess = true;  // Set to false as soon as a step fails.

  std::string result_blob;  // the result.
@@ -208,13 +207,9 @@ std::string GenKeyAndSignChallenge(int key_size_in_bits,

  // Set up the PublicKeyAndChallenge data structure, then DER encode it.
  pkac.spki = spkiItem;
+  pkac.challenge.type = siBuffer;
  pkac.challenge.len = challenge.length();
-  pkac.challenge.data = (unsigned char *)strdup(challenge.c_str());
-  if (!pkac.challenge.data) {
-    LOG(ERROR) << "Out of memory while making a copy of challenge data";
-    isSuccess = false;
-    goto failure;
-  }
+  pkac.challenge.data = (unsigned char *)challenge.data();
  sec_rv = DER_Encode(arena, &pkacItem, CERTPublicKeyAndChallengeTemplate,
                      &pkac);
  if (SECSuccess != sec_rv) {
@@ -275,9 +270,6 @@ std::string GenKeyAndSignChallenge(int key_size_in_bits,
  if (slot != NULL) {
    PK11_FreeSlot(slot);
  }
-  if (pkac.challenge.data) {
-    free(pkac.challenge.data);
-  }

  return (isSuccess ? result_blob : std::string());
 }

--- a/net/third_party/mozilla_security_manager/nsKeygenHandler.h
+++ b/net/third_party/mozilla_security_manager/nsKeygenHandler.h
@@ -47,6 +47,12 @@ namespace mozilla_security_manager {
 #define DEFAULT_RSA_KEYGEN_PE 65537L
 #define DEFAULT_RSA_KEYGEN_ALG SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION

+// Generates the key pair and the cert request (SPKAC), and returns a
+// base64-encoded string suitable for use as the form value of <keygen>.
+// Parameters:
+//   key_size_in_bits: key size in bits (usually 2048)
+//   challenge: challenge string sent by server
+//   stores_key: should the generated key pair be stored persistently?
 std::string GenKeyAndSignChallenge(int key_size_in_bits,
                                   const std::string& challenge,
                                   bool stores_key);