author | davidben <davidben@chromium.org> | 2015-10-15 15:13:22 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-10-15 22:14:28 +0000 |
commit | 24bb5a4b2e4d909c27740c5a12b3e167c49329f2 (patch) | |
tree | 493bc7ae973b9de7c1776d7f5f11ac929b8f36d1 | |
parent | c389c80986ff755aad066c9691d6613fd9ae111c (diff) | |
Remove crypto::ECPrivateKey::IsSupported.
We no longer need to worry about the system NSS on decrepit Linux
distributions. The only platform where ECPrivateKey is backed by NSS is iOS and
we control that one.
BUG=519504
Review URL: https://codereview.chromium.org/1408813002
Cr-Commit-Position: refs/heads/master@{#354379}
-rw-r--r-- | crypto/ec_private_key.h | 3 | ||||
-rw-r--r-- | crypto/ec_private_key_nss.cc | 38 | ||||
-rw-r--r-- | crypto/ec_private_key_openssl.cc | 3 | ||||
-rw-r--r-- | net/socket/ssl_client_socket.cc | 11 | ||||
-rw-r--r-- | net/socket/ssl_client_socket.h | 8 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 22 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_openssl.cc | 3 |
7 files changed, 15 insertions, 73 deletions
diff --git a/crypto/ec_private_key.h b/crypto/ec_private_key.h
index 87af838..a3ba49d 100644
--- a/crypto/ec_private_key.h
+++ b/crypto/ec_private_key.h
@@ -34,9 +34,6 @@ class CRYPTO_EXPORT ECPrivateKey {
 public:
 ~ECPrivateKey();
- // Returns whether the system supports elliptic curve cryptography.
- static bool IsSupported();
-
 // Creates a new random instance. Can return NULL if initialization fails.
 // The created key will use the NIST P-256 curve.
 // TODO(mattm): Add a curve parameter.
diff --git a/crypto/ec_private_key_nss.cc b/crypto/ec_private_key_nss.cc
index 5092010..5f8a4e6 100644
--- a/crypto/ec_private_key_nss.cc
+++ b/crypto/ec_private_key_nss.cc
@@ -15,7 +15,6 @@ extern "C" {
 #include <pk11pub.h>
 #include <secmod.h>
-#include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "crypto/nss_util.h"
@@ -25,34 +24,6 @@ extern "C" {
 namespace {
-PK11SlotInfo* GetTempKeySlot() {
- return PK11_GetInternalSlot();
-}
-
-class EllipticCurveSupportChecker {
- public:
- EllipticCurveSupportChecker() {
- // NOTE: we can do this check here only because we use the NSS internal
- // slot. If we support other slots in the future, checking whether they
- // support ECDSA may block NSS, and the value may also change as devices are
- // inserted/removed, so we would need to re-check on every use.
- crypto::EnsureNSSInit();
- crypto::ScopedPK11Slot slot(GetTempKeySlot());
- supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) &&
- PK11_DoesMechanism(slot.get(), CKM_ECDSA);
- }
-
- bool Supported() {
- return supported_;
- }
-
- private:
- bool supported_;
-};
-
-static base::LazyInstance<EllipticCurveSupportChecker>::Leaky
- g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER;
-
 // Copied from rsa_private_key_nss.cc.
 static bool ReadAttribute(SECKEYPrivateKey* key,
 CK_ATTRIBUTE_TYPE type,
@@ -82,15 +53,10 @@ ECPrivateKey::~ECPrivateKey() {
 }
 // static
-bool ECPrivateKey::IsSupported() {
- return g_elliptic_curve_supported.Get().Supported();
-}
-
-// static
 ECPrivateKey* ECPrivateKey::Create() {
 EnsureNSSInit();
- ScopedPK11Slot slot(GetTempKeySlot());
+ ScopedPK11Slot slot(PK11_GetInternalSlot());
 if (!slot)
 return nullptr;
@@ -140,7 +106,7 @@ ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
 const std::vector<uint8>& subject_public_key_info) {
 EnsureNSSInit();
- ScopedPK11Slot slot(GetTempKeySlot());
+ ScopedPK11Slot slot(PK11_GetInternalSlot());
 if (!slot)
 return nullptr;
diff --git a/crypto/ec_private_key_openssl.cc b/crypto/ec_private_key_openssl.cc
index 1a06028..9836fa6 100644
--- a/crypto/ec_private_key_openssl.cc
+++ b/crypto/ec_private_key_openssl.cc
@@ -93,9 +93,6 @@ ECPrivateKey* ECPrivateKey::Copy() const {
 }
 // static
-bool ECPrivateKey::IsSupported() { return true; }
-
-// static
 ECPrivateKey* ECPrivateKey::Create() {
 OpenSSLErrStackTracer err_tracer(FROM_HERE);
diff --git a/net/socket/ssl_client_socket.cc b/net/socket/ssl_client_socket.cc
index 3472fd0..cf8f40a 100644
--- a/net/socket/ssl_client_socket.cc
+++ b/net/socket/ssl_client_socket.cc
@@ -127,14 +127,13 @@ void SSLClientSocket::RecordNegotiationExtension() {
 void SSLClientSocket::RecordChannelIDSupport(
 ChannelIDService* channel_id_service,
 bool negotiated_channel_id,
- bool channel_id_enabled,
- bool supports_ecc) {
+ bool channel_id_enabled) {
 // Since this enum is used for a histogram, do not change or re-use values.
 enum {
 DISABLED = 0,
 CLIENT_ONLY = 1,
 CLIENT_AND_SERVER = 2,
- CLIENT_NO_ECC = 3,
+ // CLIENT_NO_ECC is unused now.
 // CLIENT_BAD_SYSTEM_TIME is unused now.
 CLIENT_BAD_SYSTEM_TIME = 4,
 CLIENT_NO_CHANNEL_ID_SERVICE = 5,
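Review bot: After this change `ECPrivateKey::Create()` in crypto/ec_private_key_nss.cc (and `CreateFromEncryptedPrivateKeyInfo()` in the `@@ -140,7 +106,7 @@` hunk) has no check that the internal slot offers EC mechanisms; the only guard visible here is `if (!slot) return nullptr;`. The commit message states the assumption that NSS backs ECPrivateKey only on iOS, where the library is controlled, but nothing in the code records it. I would add a comment above the slot lookup such as `// Assumes the bundled NSS internal slot supports CKM_EC_KEY_PAIR_GEN and CKM_ECDSA.`, or a `DCHECK(PK11_DoesMechanism(slot.get(), CKM_ECDSA));` after the null check. The same commit removes the `IsSupported()` gate from `IsChannelIDEnabled`, so a slot without EC would presumably only be noticed when key creation fails. Both function bodies continue outside their hunks, so the later failure handling is not visible here.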
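Review bot: The replacement comment `// CLIENT_NO_ECC is unused now.` in `RecordChannelIDSupport` (net/socket/ssl_client_socket.cc, `@@ -127,14 +127,13 @@`) drops the numeric value, so nothing in the enum says that 3 is retired. The enum feeds a histogram and the line above it says values must not be changed or re-used, so I would write `// CLIENT_NO_ECC = 3 is unused now; do not reuse the value.`. That would also read consistently with `CLIENT_BAD_SYSTEM_TIME = 4`, which is kept as an enumerator although it is marked unused. The function body continues outside the hunk.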
@@ -145,8 +144,6 @@ void SSLClientSocket::RecordChannelIDSupport(
 } else if (channel_id_enabled) {
 if (!channel_id_service)
 supported = CLIENT_NO_CHANNEL_ID_SERVICE;
- else if (!supports_ecc)
- supported = CLIENT_NO_ECC;
 else
 supported = CLIENT_ONLY;
 }
@@ -164,10 +161,6 @@ bool SSLClientSocket::IsChannelIDEnabled(
 DVLOG(1) << "NULL channel_id_service_, not enabling channel ID.";
 return false;
 }
- if (!crypto::ECPrivateKey::IsSupported()) {
- DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID.";
- return false;
- }
 return true;
 }
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index 1d38048..e3df669 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -152,11 +152,9 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
 // Records histograms for channel id support during full handshakes - resumed
 // handshakes are ignored.
- static void RecordChannelIDSupport(
- ChannelIDService* channel_id_service,
- bool negotiated_channel_id,
- bool channel_id_enabled,
- bool supports_ecc);
+ static void RecordChannelIDSupport(ChannelIDService* channel_id_service,
+ bool negotiated_channel_id,
+ bool channel_id_enabled);
 // Returns whether TLS channel ID is enabled.
 static bool IsChannelIDEnabled(
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 9f3aff6..29d8394 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -648,10 +648,8 @@ class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
 void OnNSSBufferUpdated(int amount_in_read_buffer);
 void DidNSSRead(int result);
 void DidNSSWrite(int result);
- void RecordChannelIDSupportOnNetworkTaskRunner(
- bool negotiated_channel_id,
- bool channel_id_enabled,
- bool supports_ecc) const;
+ void RecordChannelIDSupportOnNetworkTaskRunner(bool negotiated_channel_id,
+ bool channel_id_enabled) const;
 ////////////////////////////////////////////////////////////////////////////
 // Methods that are called on both the network task runner and the NSS
@@ -2131,23 +2129,17 @@ void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNSSTaskRunner() {
 // network task runner state.
 PostOrRunCallback(
 FROM_HERE,
- base::Bind(&Core::RecordChannelIDSupportOnNetworkTaskRunner,
- this,
- channel_id_xtn_negotiated_,
- ssl_config_.channel_id_enabled,
- crypto::ECPrivateKey::IsSupported()));
+ base::Bind(&Core::RecordChannelIDSupportOnNetworkTaskRunner, this,
+ channel_id_xtn_negotiated_, ssl_config_.channel_id_enabled));
 }
 void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNetworkTaskRunner(
 bool negotiated_channel_id,
- bool channel_id_enabled,
- bool supports_ecc) const {
+ bool channel_id_enabled) const {
 DCHECK(OnNetworkTaskRunner());
- RecordChannelIDSupport(channel_id_service_,
- negotiated_channel_id,
- channel_id_enabled,
- supports_ecc);
+ RecordChannelIDSupport(channel_id_service_, negotiated_channel_id,
+ channel_id_enabled);
 }
 int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) {
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 92bf8f0..d575259 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1116,8 +1116,7 @@ int SSLClientSocketOpenSSL::DoHandshakeComplete(int result) {
 RecordNegotiationExtension();
 RecordChannelIDSupport(channel_id_service_, channel_id_sent_,
- ssl_config_.channel_id_enabled,
- crypto::ECPrivateKey::IsSupported());
+ ssl_config_.channel_id_enabled);
 // Only record OCSP histograms if OCSP was requested.
 if (ssl_config_.signed_cert_timestamps_enabled || |