NSS: {EC,RSA}PrivateKey shouldn't call crypto::GetPublicNSSKeySlot or GetPrivateNSSKeySlot.

crypto/ec_private_key.h

Index: crypto/ec_private_key.h
diff --git a/crypto/ec_private_key.h b/crypto/ec_private_key.h
index d3f5b73af605ca0a064736271acf249df84f7f39..28701635d50b21ea8143a7af233639a2c8fc68ef 100644
--- a/crypto/ec_private_key.h
+++ b/crypto/ec_private_key.h
@@ -18,6 +18,7 @@ typedef struct evp_pkey_st EVP_PKEY;
 #else
 // Forward declaration.
 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
+typedef struct PK11SlotInfoStr PK11SlotInfo;
 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
 #endif
@@ -41,11 +42,12 @@ class CRYPTO_EXPORT ECPrivateKey {
   // TODO(mattm): Add a curve parameter.
   static ECPrivateKey* Create();
 
-  // Creates a new random instance. Can return NULL if initialization fails.
-  // The created key is permanent and is not exportable in plaintext form.
-  //
-  // NOTE: Currently only available if USE_NSS is defined.
-  static ECPrivateKey* CreateSensitive();
+#if defined(USE_NSS)
+  // Creates a new random instance in |slot|. Can return NULL if initialization
+  // fails.  The created key is permanent and is not exportable in plaintext
+  // form.
+  static ECPrivateKey* CreateSensitive(PK11SlotInfo* slot);
+#endif
 
   // Creates a new instance by importing an existing key pair.
   // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
@@ -56,24 +58,26 @@ class CRYPTO_EXPORT ECPrivateKey {
       const std::vector<uint8>& encrypted_private_key_info,
       const std::vector<uint8>& subject_public_key_info);
 
-  // Creates a new instance by importing an existing key pair.
+#if defined(USE_NSS)
+  // Creates a new instance in |slot| by importing an existing key pair.
   // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
   // block and an X.509 SubjectPublicKeyInfo block.
   // This can return NULL if initialization fails.  The created key is permanent
   // and is not exportable in plaintext form.
-  //
-  // NOTE: Currently only available if USE_NSS is defined.
   static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo(
+      PK11SlotInfo* slot,
       const std::string& password,
       const std::vector<uint8>& encrypted_private_key_info,
       const std::vector<uint8>& subject_public_key_info);
+#endif
 
 #if !defined(USE_OPENSSL)
-  // Imports the key pair and returns in |public_key| and |key|.
+  // Imports the key pair into |slot| and returns in |public_key| and |key|.
   // Shortcut for code that needs to keep a reference directly to NSS types
   // without having to create a ECPrivateKey object and make a copy of them.
   // TODO(mattm): move this function to some NSS util file.
   static bool ImportFromEncryptedPrivateKeyInfo(
+      PK11SlotInfo* slot,
       const std::string& password,
       const uint8* encrypted_private_key_info,
       size_t encrypted_private_key_info_len,
@@ -112,20 +116,24 @@ class CRYPTO_EXPORT ECPrivateKey {
   // Constructor is private. Use one of the Create*() methods above instead.
   ECPrivateKey();
 
+#if !defined(USE_OPENSSL)
   // Shared helper for Create() and CreateSensitive().
   // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
   //                flags arg created by ORing together some enumerated values.
-  static ECPrivateKey* CreateWithParams(bool permanent,
+  static ECPrivateKey* CreateWithParams(PK11SlotInfo* slot,
+                                        bool permanent,
                                         bool sensitive);
 
   // Shared helper for CreateFromEncryptedPrivateKeyInfo() and
   // CreateSensitiveFromEncryptedPrivateKeyInfo().
   static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams(
+      PK11SlotInfo* slot,
       const std::string& password,
       const std::vector<uint8>& encrypted_private_key_info,
       const std::vector<uint8>& subject_public_key_info,
       bool permanent,
       bool sensitive);
+#endif
 
 #if defined(USE_OPENSSL)
   EVP_PKEY* key_;