NSS: {EC,RSA}PrivateKey shouldn't call crypto::GetPublicNSSKeySlot or GetPrivateNSSKeySlot.

crypto/rsa_private_key.h

Index: crypto/rsa_private_key.h
diff --git a/crypto/rsa_private_key.h b/crypto/rsa_private_key.h
index ad82148428a564519262c98fb503f1969eee1fdb..e1f81eb001e0d8aab0cc18e341b36ad3eef3ab5d 100644
--- a/crypto/rsa_private_key.h
+++ b/crypto/rsa_private_key.h
@@ -17,6 +17,10 @@
 #include "base/gtest_prod_util.h"
 #endif
 
+#if !defined(USE_OPENSSL)
+#include "crypto/scoped_nss_types.h"
+#endif
+
 #if defined(USE_OPENSSL)
 // Forward declaration for openssl/*.h
 typedef struct evp_pkey_st EVP_PKEY;
@@ -182,13 +186,14 @@ class CRYPTO_EXPORT RSAPrivateKey {
 #if defined(USE_NSS)
   // Create a new random instance. Can return NULL if initialization fails.
   // The created key is permanent and is not exportable in plaintext form.

[wtc, 2013/11/11 20:56:25]

We should mention the new |slot| argument. I guess only the methods that create
permanent keys need a |slot| argument.

[mattm, 2013/11/12 02:42:44]

Done.

-  static RSAPrivateKey* CreateSensitive(uint16 num_bits);
+  static RSAPrivateKey* CreateSensitive(ScopedPK11Slot slot, uint16 num_bits);

[wtc, 2013/11/11 20:56:25]

Is it necessary to pass ScopedPK11Slot rather than a plain PK11Slot* pointer?

What does it imply to pass ScopedPK11Slot? That the function is given a
reference to the PK11Slot?

[mattm, 2013/11/12 02:42:44]

Yeah, however it isn't really necessary for this case.  The "pass a bare pointer
and the function can take a ref if it wants one" convention is pretty clear I
think. Changed it so the callers just use a ScopedPK11Slot locally to hold the
reference while they call this.

 
   // Create a new instance by importing an existing private key. The format is
   // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return NULL if
   // initialization fails.
   // The created key is permanent and is not exportable in plaintext form.
   static RSAPrivateKey* CreateSensitiveFromPrivateKeyInfo(
+      ScopedPK11Slot slot,
       const std::vector<uint8>& input);
 
   // Create a new instance by referencing an existing private key
@@ -231,11 +236,13 @@ class CRYPTO_EXPORT RSAPrivateKey {
   // methods above instead.
   RSAPrivateKey();
 
+#if !defined(USE_OPENSSL)
   // Shared helper for Create() and CreateSensitive().
   // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
   //                flags arg created by ORing together some enumerated values.
   // Note: |permanent| is only supported when USE_NSS is defined.
-  static RSAPrivateKey* CreateWithParams(uint16 num_bits,
+  static RSAPrivateKey* CreateWithParams(ScopedPK11Slot slot,
+                                         uint16 num_bits,
                                          bool permanent,
                                          bool sensitive);
 
@@ -243,9 +250,11 @@ class CRYPTO_EXPORT RSAPrivateKey {
   // CreateSensitiveFromPrivateKeyInfo().
   // Note: |permanent| is only supported when USE_NSS is defined.
   static RSAPrivateKey* CreateFromPrivateKeyInfoWithParams(
+      ScopedPK11Slot slot,
       const std::vector<uint8>& input,
       bool permanent,
       bool sensitive);
+#endif
 
 #if defined(USE_OPENSSL)
   EVP_PKEY* key_;