Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2280)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: crypto/ec_private_key_nss.cc

Issue 10700099: NSS Channel ID: don't check ECC support on every socket creation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « crypto/ec_private_key.h ('k') | crypto/ec_private_key_openssl.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: crypto/ec_private_key_nss.cc
diff --git a/crypto/ec_private_key_nss.cc b/crypto/ec_private_key_nss.cc
index c6c476325bb7b52ed7ee4ff0013e6346e2244559..9bb9df124e497ca4a3c6077bbc88575bd6f16729 100644
--- a/crypto/ec_private_key_nss.cc
+++ b/crypto/ec_private_key_nss.cc
@@ -15,6 +15,7 @@ extern "C" {
#include <pk11pub.h>
#include <secmod.h>
+#include "base/lazy_instance.h"
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
#include "crypto/nss_util.h"
@@ -24,6 +25,34 @@ extern "C" {
namespace {
+PK11SlotInfo* GetKeySlot() {
+ return crypto::GetPublicNSSKeySlot();
+}
+
+class EllipticCurveSupportChecker {
+ public:
+ EllipticCurveSupportChecker() {
+ // NOTE: we can do this check here only because we use the NSS internal
+ // slot. If we support other slots in the future, checking whether they
+ // support ECDSA may block NSS, and the value may also change as devices are
+ // inserted/removed, so we would need to re-check on every use.
+ crypto::EnsureNSSInit();
+ crypto::ScopedPK11Slot slot(GetKeySlot());
+ supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) &&
+ PK11_DoesMechanism(slot.get(), CKM_ECDSA);
+ }
+
+ bool Supported() {
+ return supported_;
+ }
+
+ private:
+ bool supported_;
+};
+
+static base::LazyInstance<EllipticCurveSupportChecker>::Leaky
+ g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER;
+
// Copied from rsa_private_key_nss.cc.
static bool ReadAttribute(SECKEYPrivateKey* key,
CK_ATTRIBUTE_TYPE type,
@@ -53,6 +82,11 @@ ECPrivateKey::~ECPrivateKey() {
}
// static
+bool ECPrivateKey::IsSupported() {
+ return g_elliptic_curve_supported.Get().Supported();
+}
+
+// static
ECPrivateKey* ECPrivateKey::Create() {
return CreateWithParams(PR_FALSE /* not permanent */,
PR_FALSE /* not sensitive */);
@@ -114,7 +148,7 @@ bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
bool sensitive,
SECKEYPrivateKey** key,
SECKEYPublicKey** public_key) {
- ScopedPK11Slot slot(GetPublicNSSKeySlot());
+ ScopedPK11Slot slot(GetKeySlot());
if (!slot.get())
return false;
@@ -247,7 +281,7 @@ ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent,
scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
- ScopedPK11Slot slot(GetPrivateNSSKeySlot());
+ ScopedPK11Slot slot(GetKeySlot());
if (!slot.get())
return NULL;
« no previous file with comments | « crypto/ec_private_key.h ('k') | crypto/ec_private_key_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698