From 3bb3de12ffd452e9e29e40072724be10bc488452 Mon Sep 17 00:00:00 2001
From: "relyea%netscape.com"
 <relyea%netscape.com@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Tue, 28 Jan 2003 16:38:04 +0000
Subject: [PATCH] Sign 3 sets of changes are here:

1) Provide accessor functions for the PK11_DefaultArray so that modutil
does not have to link statically to access it.

2) Try setting the attribute on an object before we go to the work of copying
it (Function Only used in Java).

3) Optimize searching for the more common types of attributes.


git-svn-id: svn://10.0.0.236/trunk@137029 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/security/nss/lib/pk11wrap/pk11func.h |  8 +++++++
 mozilla/security/nss/lib/pk11wrap/pk11skey.c | 19 ++++++++++++++--
 mozilla/security/nss/lib/pk11wrap/pk11slot.c | 24 ++++++++++++++++++++
 mozilla/security/nss/lib/pk11wrap/secmodti.h |  2 ++
 4 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/mozilla/security/nss/lib/pk11wrap/pk11func.h b/mozilla/security/nss/lib/pk11wrap/pk11func.h
index f80d99bdaa2..4747fe6eaed 100644
--- a/mozilla/security/nss/lib/pk11wrap/pk11func.h
+++ b/mozilla/security/nss/lib/pk11wrap/pk11func.h
@@ -574,6 +574,14 @@ PK11_RawPBEKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *params,
 SECItem *
 PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem);
 
+/**********************************************************************
+ * Functions to manage secmod flags
+ **********************************************************************/
+PK11DefaultArrayEntry * PK11_GetDefaultArray(int *);
+SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *, PK11DefaultArrayEntry *,
+							PRBool );
+
+
 /**********************************************************************
  * New fucntions which are already depricated....
  **********************************************************************/
diff --git a/mozilla/security/nss/lib/pk11wrap/pk11skey.c b/mozilla/security/nss/lib/pk11wrap/pk11skey.c
index bb8853d0ba5..1b745aa80d5 100644
--- a/mozilla/security/nss/lib/pk11wrap/pk11skey.c
+++ b/mozilla/security/nss/lib/pk11wrap/pk11skey.c
@@ -5023,8 +5023,23 @@ finish:
 PK11SymKey*
 PK11_CopySymKeyForSigning(PK11SymKey *originalKey, CK_MECHANISM_TYPE mech)
 {
-    return pk11_CopyToSlot(PK11_GetSlotFromKey(originalKey), mech, CKA_SIGN,
-			originalKey);
+    CK_RV crv;
+    CK_ATTRIBUTE setTemplate;
+    CK_BBOOL ckTrue = CK_TRUE; 
+    PK11SlotInfo *slot = originalKey->slot;
+
+    /* first just try to set this key up for signing */
+    PK11_SETATTRS(&setTemplate, CKA_SIGN, &ckTrue, sizeof(ckTrue));
+    pk11_EnterKeyMonitor(originalKey);
+    crv = PK11_GETTAB(slot)-> C_SetAttributeValue(originalKey->session, 
+				originalKey->objectID, &setTemplate, 1);
+    pk11_ExitKeyMonitor(originalKey);
+    if (crv == CKR_OK) {
+	return PK11_ReferenceSymKey(originalKey);
+    }
+
+    /* nope, doesn't like it, use the pk11 copy object command */
+    return pk11_CopyToSlot(slot, mech, CKA_SIGN, originalKey);
 }
 
 char *
diff --git a/mozilla/security/nss/lib/pk11wrap/pk11slot.c b/mozilla/security/nss/lib/pk11wrap/pk11slot.c
index cb02fb82f18..27fb2f3927a 100644
--- a/mozilla/security/nss/lib/pk11wrap/pk11slot.c
+++ b/mozilla/security/nss/lib/pk11wrap/pk11slot.c
@@ -90,6 +90,15 @@ PK11DefaultArrayEntry PK11_DefaultArray[] = {
 const int num_pk11_default_mechanisms = 
                 sizeof(PK11_DefaultArray) / sizeof(PK11_DefaultArray[0]);
 
+PK11DefaultArrayEntry *
+PK11_GetDefaultArray(int *size)
+{
+    if (size) {
+	*size = num_pk11_default_mechanisms;
+    }
+    return PK11_DefaultArray;
+}
+
 /*
  * These  slotlists are lists of modules which provide default support for
  *  a given algorithm or mechanism.
@@ -1670,6 +1679,7 @@ PK11_ReadMechanismList(PK11SlotInfo *slot)
 {
     CK_ULONG count;
     CK_RV crv;
+    int i;
 
     if (slot->mechanismList) {
 	PORT_Free(slot->mechanismList);
@@ -1701,6 +1711,14 @@ PK11_ReadMechanismList(PK11SlotInfo *slot)
 	return SECSuccess;
     }
     slot->mechanismCount = count;
+    PORT_Memset(slot->mechanismBits, 0, sizeof(slot->mechanismBits));
+
+    for (i=0; i < count; i++) {
+	CK_MECHANISM_TYPE mech = slot->mechanismList[i];
+	if (mech < 0x7ff) {
+	    slot->mechanismBits[mech & 0xff] |= 1 << (mech >> 8);
+	}
+    }
     return SECSuccess;
 }
 
@@ -2457,6 +2475,12 @@ PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type)
 	return slot->hasRandom;
     }
 
+    /* for most mechanism, bypass the linear lookup */
+    if (type < 0x7ff) {
+	return (slot->mechanismBits[type & 0xff] & (1 << (type >> 8)))  ?
+		PR_TRUE : PR_FALSE;
+    }
+	   
     for (i=0; i < (int) slot->mechanismCount; i++) {
 	if (slot->mechanismList[i] == type) return PR_TRUE;
     }
diff --git a/mozilla/security/nss/lib/pk11wrap/secmodti.h b/mozilla/security/nss/lib/pk11wrap/secmodti.h
index af7cc32e70d..9973b3796ca 100644
--- a/mozilla/security/nss/lib/pk11wrap/secmodti.h
+++ b/mozilla/security/nss/lib/pk11wrap/secmodti.h
@@ -135,6 +135,8 @@ struct PK11SlotInfoStr {
     unsigned int lastState;
     /* for Stan */
     NSSToken *nssToken;
+    /* fast mechanism lookup */
+    char mechanismBits[256];
 };
 
 /* Symetric Key structure. Reference Counted */