Bug 1372418 - certificate transparency: remove unnecessary cached EC keys r=jschanck

These are unnecessary as of bug 1918279 (caching the results of signature verification). Differential Revision: https://phabricator.services.mozilla.com/D223776
2024-11-23 04:41:11 +00:00 · 2024-09-26 20:53:48 +00:00 · 2024-09-26 20:53:48 +00:00 · efe465e758
commit efe465e758
parent e3f8ee694f
2 changed files with 0 additions and 33 deletions
--- a/security/ct/CTLogVerifier.cpp
+++ b/security/ct/CTLogVerifier.cpp
@ -130,32 +130,6 @@ pkix::Result CTLogVerifier::Init(Input subjectPublicKeyInfo) {

  InputToBuffer(subjectPublicKeyInfo, mSubjectPublicKeyInfo);

-  if (mSignatureAlgorithm == DigitallySigned::SignatureAlgorithm::ECDSA) {
-    SECItem spkiSECItem = {
-        siBuffer, mSubjectPublicKeyInfo.data(),
-        static_cast<unsigned int>(mSubjectPublicKeyInfo.size())};
-    UniqueCERTSubjectPublicKeyInfo spki(
-        SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiSECItem));
-    if (!spki) {
-      return MapPRErrorCodeToResult(PR_GetError());
-    }
-    mPublicECKey.reset(SECKEY_ExtractPublicKey(spki.get()));
-    if (!mPublicECKey) {
-      return MapPRErrorCodeToResult(PR_GetError());
-    }
-    UniquePK11SlotInfo slot(PK11_GetInternalSlot());
-    if (!slot) {
-      return MapPRErrorCodeToResult(PR_GetError());
-    }
-    CK_OBJECT_HANDLE handle =
-        PK11_ImportPublicKey(slot.get(), mPublicECKey.get(), false);
-    if (handle == CK_INVALID_HANDLE) {
-      return MapPRErrorCodeToResult(PR_GetError());
-    }
-  } else {
-    mPublicECKey.reset(nullptr);
-  }
-
  mKeyId.resize(SHA256_LENGTH);
  rv = DigestBufNSS(subjectPublicKeyInfo, DigestAlgorithm::sha256,
                    mKeyId.data(), mKeyId.size());
--- a/security/ct/CTLogVerifier.h
+++ b/security/ct/CTLogVerifier.h
@ -7,8 +7,6 @@
 #ifndef CTLogVerifier_h
 #define CTLogVerifier_h

-#include <memory>
-
 #include "CTKnownLogs.h"
 #include "CTLog.h"
 #include "CTUtils.h"
@ -72,11 +70,6 @@ class CTLogVerifier {
  pkix::Result VerifySignature(const Buffer& data, const Buffer& signature,
                               SignatureCache* signatureCache);

-  // mPublicECKey works around an architectural deficiency in NSS. In the case
-  // of EC, if we don't create, import, and cache this key, NSS will import and
-  // verify it every signature verification, which is slow. For RSA, this is
-  // unused and will be null.
-  UniqueSECKEYPublicKey mPublicECKey;
  Buffer mSubjectPublicKeyInfo;
  Buffer mKeyId;
  DigitallySigned::SignatureAlgorithm mSignatureAlgorithm;