1372418 - remove the cached EC log keys from certificate transparency

Status: RESOLVED FIXED

(Core :: Security: PSM, task, P1)

Description

[Dana Keeler (she/her) [:keeler]]

In bug 1357226 we worked around that verifying EC keys is slow by importing them once and caching them. Unfortunately it looks like if a profile is in FIPS mode the PK11_ImportPublicKey call at CTLogVerifier.cpp:184 fails (even if the isToken parameter is false) if the user hasn't logged in yet (and since this is very early in startup, it's unlikely they've logged in at that point). This causes an assertion failure in debug builds at CertVerifier.cpp:240. In release builds, however, we just continue, so it looks like users aren't actually experiencing crashes due to this unless they're building and running their own debug versions. A similar thing may happen with the sql db because it requires some sort of password, unlikely the legacy db.

Comment 1

[Sylvestre Ledru [:Sylvestre]]

Moving to p3 because no activity for at least 1 year(s).
See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information

Comment 2

[Dana Keeler (she/her) [:keeler]]

Now that we cache SCT signatures, we don't actually use these keys.

Comment 3

[Dana Keeler (she/her) [:keeler]]

Attachment: Bug 1372418 - certificate transparency: remove unnecessary cached EC keys r?jschanck

These are unnecessary as of bug 1918279 (caching the results of signature
verification).

Comment 4

[Pulsebot]

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e46ba0e2868b
certificate transparency: remove unnecessary cached EC keys r=jschanck

Comment 5

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/e46ba0e2868b