Bug 1372418 - certificate transparency: remove unnecessary cached EC keys r=jschanck

These are unnecessary as of bug 1918279 (caching the results of signature
verification).

Differential Revision: https://phabricator.services.mozilla.com/D223776
This commit is contained in:
Dana Keeler 2024-09-26 20:53:48 +00:00
parent e3f8ee694f
commit efe465e758
2 changed files with 0 additions and 33 deletions

View File

@ -130,32 +130,6 @@ pkix::Result CTLogVerifier::Init(Input subjectPublicKeyInfo) {
InputToBuffer(subjectPublicKeyInfo, mSubjectPublicKeyInfo);
if (mSignatureAlgorithm == DigitallySigned::SignatureAlgorithm::ECDSA) {
SECItem spkiSECItem = {
siBuffer, mSubjectPublicKeyInfo.data(),
static_cast<unsigned int>(mSubjectPublicKeyInfo.size())};
UniqueCERTSubjectPublicKeyInfo spki(
SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiSECItem));
if (!spki) {
return MapPRErrorCodeToResult(PR_GetError());
}
mPublicECKey.reset(SECKEY_ExtractPublicKey(spki.get()));
if (!mPublicECKey) {
return MapPRErrorCodeToResult(PR_GetError());
}
UniquePK11SlotInfo slot(PK11_GetInternalSlot());
if (!slot) {
return MapPRErrorCodeToResult(PR_GetError());
}
CK_OBJECT_HANDLE handle =
PK11_ImportPublicKey(slot.get(), mPublicECKey.get(), false);
if (handle == CK_INVALID_HANDLE) {
return MapPRErrorCodeToResult(PR_GetError());
}
} else {
mPublicECKey.reset(nullptr);
}
mKeyId.resize(SHA256_LENGTH);
rv = DigestBufNSS(subjectPublicKeyInfo, DigestAlgorithm::sha256,
mKeyId.data(), mKeyId.size());

View File

@ -7,8 +7,6 @@
#ifndef CTLogVerifier_h
#define CTLogVerifier_h
#include <memory>
#include "CTKnownLogs.h"
#include "CTLog.h"
#include "CTUtils.h"
@ -72,11 +70,6 @@ class CTLogVerifier {
pkix::Result VerifySignature(const Buffer& data, const Buffer& signature,
SignatureCache* signatureCache);
// mPublicECKey works around an architectural deficiency in NSS. In the case
// of EC, if we don't create, import, and cache this key, NSS will import and
// verify it every signature verification, which is slow. For RSA, this is
// unused and will be null.
UniqueSECKEYPublicKey mPublicECKey;
Buffer mSubjectPublicKeyInfo;
Buffer mKeyId;
DigitallySigned::SignatureAlgorithm mSignatureAlgorithm;