authordavidben <davidben@chromium.org>2015-10-15 15:13:22 -0700
committerCommit bot <commit-bot@chromium.org>2015-10-15 22:14:28 +0000
commit24bb5a4b2e4d909c27740c5a12b3e167c49329f2 (patch)
tree493bc7ae973b9de7c1776d7f5f11ac929b8f36d1
parentc389c80986ff755aad066c9691d6613fd9ae111c (diff)
Remove crypto::ECPrivateKey::IsSupported.
We no longer need to worry about the system NSS on decrepit Linux distributions. The only platform where ECPrivateKey is backed by NSS is iOS and we control that one. BUG=519504 Review URL: https://codereview.chromium.org/1408813002 Cr-Commit-Position: refs/heads/master@{#354379}
-rw-r--r--crypto/ec_private_key.h3
-rw-r--r--crypto/ec_private_key_nss.cc38
-rw-r--r--crypto/ec_private_key_openssl.cc3
-rw-r--r--net/socket/ssl_client_socket.cc11
-rw-r--r--net/socket/ssl_client_socket.h8
-rw-r--r--net/socket/ssl_client_socket_nss.cc22
-rw-r--r--net/socket/ssl_client_socket_openssl.cc3
7 files changed, 15 insertions, 73 deletions
diff --git a/crypto/ec_private_key.h b/crypto/ec_private_key.h
index 87af838..a3ba49d 100644
--- a/crypto/ec_private_key.h
+++ b/crypto/ec_private_key.h
@@ -34,9 +34,6 @@ class CRYPTO_EXPORT ECPrivateKey {
public:
~ECPrivateKey();
- // Returns whether the system supports elliptic curve cryptography.
- static bool IsSupported();
-
// Creates a new random instance. Can return NULL if initialization fails.
// The created key will use the NIST P-256 curve.
// TODO(mattm): Add a curve parameter.
diff --git a/crypto/ec_private_key_nss.cc b/crypto/ec_private_key_nss.cc
index 5092010..5f8a4e6 100644
--- a/crypto/ec_private_key_nss.cc
+++ b/crypto/ec_private_key_nss.cc
@@ -15,7 +15,6 @@ extern "C" {
#include <pk11pub.h>
#include <secmod.h>
-#include "base/lazy_instance.h"
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
#include "crypto/nss_util.h"
@@ -25,34 +24,6 @@ extern "C" {
namespace {
-PK11SlotInfo* GetTempKeySlot() {
- return PK11_GetInternalSlot();
-}
-
-class EllipticCurveSupportChecker {
- public:
- EllipticCurveSupportChecker() {
- // NOTE: we can do this check here only because we use the NSS internal
- // slot. If we support other slots in the future, checking whether they
- // support ECDSA may block NSS, and the value may also change as devices are
- // inserted/removed, so we would need to re-check on every use.
- crypto::EnsureNSSInit();
- crypto::ScopedPK11Slot slot(GetTempKeySlot());
- supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) &&
- PK11_DoesMechanism(slot.get(), CKM_ECDSA);
- }
-
- bool Supported() {
- return supported_;
- }
-
- private:
- bool supported_;
-};
-
-static base::LazyInstance<EllipticCurveSupportChecker>::Leaky
- g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER;
-
// Copied from rsa_private_key_nss.cc.
static bool ReadAttribute(SECKEYPrivateKey* key,
CK_ATTRIBUTE_TYPE type,
@@ -82,15 +53,10 @@ ECPrivateKey::~ECPrivateKey() {
}
// static
-bool ECPrivateKey::IsSupported() {
- return g_elliptic_curve_supported.Get().Supported();
-}
-
-// static
ECPrivateKey* ECPrivateKey::Create() {
EnsureNSSInit();
- ScopedPK11Slot slot(GetTempKeySlot());
+ ScopedPK11Slot slot(PK11_GetInternalSlot());
if (!slot)
return nullptr;
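Review bot: With `IsSupported()` removed, nothing in `Create()` checks that the internal slot offers `CKM_EC_KEY_PAIR_GEN` and `CKM_ECDSA`. A build without EC support would now be detected only when key generation fails later, so the null return becomes the only signal callers get. The visible guard `if (!slot) return nullptr;` covers a missing slot only; the rest of `Create()` is outside the hunk, so whether that failure path logs anything cannot be confirmed from here. I would state the assumption above the slot lookup, for example `// EC support is assumed on every platform that builds this file; failure surfaces as a null return.` The same applies to the identical replacement in `CreateFromEncryptedPrivateKeyInfo` in the next hunk.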
@@ -140,7 +106,7 @@ ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
const std::vector<uint8>& subject_public_key_info) {
EnsureNSSInit();
- ScopedPK11Slot slot(GetTempKeySlot());
+ ScopedPK11Slot slot(PK11_GetInternalSlot());
if (!slot)
return nullptr;
diff --git a/crypto/ec_private_key_openssl.cc b/crypto/ec_private_key_openssl.cc
index 1a06028..9836fa6 100644
--- a/crypto/ec_private_key_openssl.cc
+++ b/crypto/ec_private_key_openssl.cc
@@ -93,9 +93,6 @@ ECPrivateKey* ECPrivateKey::Copy() const {
}
// static
-bool ECPrivateKey::IsSupported() { return true; }
-
-// static
ECPrivateKey* ECPrivateKey::Create() {
OpenSSLErrStackTracer err_tracer(FROM_HERE);
diff --git a/net/socket/ssl_client_socket.cc b/net/socket/ssl_client_socket.cc
index 3472fd0..cf8f40a 100644
--- a/net/socket/ssl_client_socket.cc
+++ b/net/socket/ssl_client_socket.cc
@@ -127,14 +127,13 @@ void SSLClientSocket::RecordNegotiationExtension() {
void SSLClientSocket::RecordChannelIDSupport(
ChannelIDService* channel_id_service,
bool negotiated_channel_id,
- bool channel_id_enabled,
- bool supports_ecc) {
+ bool channel_id_enabled) {
// Since this enum is used for a histogram, do not change or re-use values.
enum {
DISABLED = 0,
CLIENT_ONLY = 1,
CLIENT_AND_SERVER = 2,
- CLIENT_NO_ECC = 3,
+ // CLIENT_NO_ECC is unused now.
// CLIENT_BAD_SYSTEM_TIME is unused now.
CLIENT_BAD_SYSTEM_TIME = 4,
CLIENT_NO_CHANNEL_ID_SERVICE = 5,
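Review bot: The retired histogram bucket loses its numeric value here: `// CLIENT_NO_ECC is unused now.` no longer records that 3 is taken, whereas the other retired entry stays in the enum as `CLIENT_BAD_SYSTEM_TIME = 4`. The comment above the enum says values must not be changed or re-used, so the number should remain visible, for example `// CLIENT_NO_ECC = 3 is unused now; do not reuse 3.` The enum and the body of `RecordChannelIDSupport` continue outside this hunk.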
@@ -145,8 +144,6 @@ void SSLClientSocket::RecordChannelIDSupport(
} else if (channel_id_enabled) {
if (!channel_id_service)
supported = CLIENT_NO_CHANNEL_ID_SERVICE;
- else if (!supports_ecc)
- supported = CLIENT_NO_ECC;
else
supported = CLIENT_ONLY;
}
@@ -164,10 +161,6 @@ bool SSLClientSocket::IsChannelIDEnabled(
DVLOG(1) << "NULL channel_id_service_, not enabling channel ID.";
return false;
}
- if (!crypto::ECPrivateKey::IsSupported()) {
- DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID.";
- return false;
- }
return true;
}
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index 1d38048..e3df669 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -152,11 +152,9 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
// Records histograms for channel id support during full handshakes - resumed
// handshakes are ignored.
- static void RecordChannelIDSupport(
- ChannelIDService* channel_id_service,
- bool negotiated_channel_id,
- bool channel_id_enabled,
- bool supports_ecc);
+ static void RecordChannelIDSupport(ChannelIDService* channel_id_service,
+ bool negotiated_channel_id,
+ bool channel_id_enabled);
// Returns whether TLS channel ID is enabled.
static bool IsChannelIDEnabled(
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 9f3aff6..29d8394 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -648,10 +648,8 @@ class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
void OnNSSBufferUpdated(int amount_in_read_buffer);
void DidNSSRead(int result);
void DidNSSWrite(int result);
- void RecordChannelIDSupportOnNetworkTaskRunner(
- bool negotiated_channel_id,
- bool channel_id_enabled,
- bool supports_ecc) const;
+ void RecordChannelIDSupportOnNetworkTaskRunner(bool negotiated_channel_id,
+ bool channel_id_enabled) const;
////////////////////////////////////////////////////////////////////////////
// Methods that are called on both the network task runner and the NSS
@@ -2131,23 +2129,17 @@ void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNSSTaskRunner() {
// network task runner state.
PostOrRunCallback(
FROM_HERE,
- base::Bind(&Core::RecordChannelIDSupportOnNetworkTaskRunner,
- this,
- channel_id_xtn_negotiated_,
- ssl_config_.channel_id_enabled,
- crypto::ECPrivateKey::IsSupported()));
+ base::Bind(&Core::RecordChannelIDSupportOnNetworkTaskRunner, this,
+ channel_id_xtn_negotiated_, ssl_config_.channel_id_enabled));
}
void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNetworkTaskRunner(
bool negotiated_channel_id,
- bool channel_id_enabled,
- bool supports_ecc) const {
+ bool channel_id_enabled) const {
DCHECK(OnNetworkTaskRunner());
- RecordChannelIDSupport(channel_id_service_,
- negotiated_channel_id,
- channel_id_enabled,
- supports_ecc);
+ RecordChannelIDSupport(channel_id_service_, negotiated_channel_id,
+ channel_id_enabled);
}
int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) {
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 92bf8f0..d575259 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1116,8 +1116,7 @@ int SSLClientSocketOpenSSL::DoHandshakeComplete(int result) {
RecordNegotiationExtension();
RecordChannelIDSupport(channel_id_service_, channel_id_sent_,
- ssl_config_.channel_id_enabled,
- crypto::ECPrivateKey::IsSupported());
+ ssl_config_.channel_id_enabled);
// Only record OCSP histograms if OCSP was requested.
if (ssl_config_.signed_cert_timestamps_enabled ||