fix: revert os_crypt async cookie provider implementation (#49384)

* Revert "fix: provide explicit cookie encryption provider for cookie encryption (#49348)"

This reverts commit 95f097a392.

Co-authored-by: Keeley Hammond <khammond@slack-corp.com>

* Revert "fix: fix cookie encryption provider loading on Windows and Linux (#49371)"

This reverts commit 0e4ee9f03a.

Co-authored-by: Keeley Hammond <khammond@slack-corp.com>

* revert: 6996667: Reland "Port net::CookieCryptoDelegate to os_crypt async" | https://chromium-review.googlesource.com/c/chromium/src/+/6996667

Co-authored-by: Keeley Hammond <khammond@slack-corp.com>

* chore: update patch for 40-x-y

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: John Kleinschmidt <kleinschmidtorama@gmail.com>

BUILD.gn

@@ -464,8 +464,6 @@ source_set("electron_lib") {
     "//components/os_crypt/async/browser",
     "//components/os_crypt/async/browser:key_provider_interface",
     "//components/os_crypt/sync",
-    "//components/password_manager/core/browser:password_switches",
-    "//components/password_manager/core/common:features",
     "//components/pref_registry",
     "//components/prefs",
     "//components/security_state/content",
@@ -596,7 +594,6 @@ source_set("electron_lib") {
     use_libcxx_modules = false
 
     deps += [
-      "//components/os_crypt/async/browser:keychain_key_provider",
       "//components/os_crypt/common:keychain_password_mac",
       "//components/remote_cocoa/app_shim",
       "//components/remote_cocoa/browser",
@@ -659,8 +656,6 @@ source_set("electron_lib") {
       ":libnotify_loader",
       "//build/config/linux/gtk",
       "//components/crash/content/browser",
-      "//components/os_crypt/async/browser:freedesktop_secret_key_provider",
-      "//components/os_crypt/async/browser:posix_key_provider",
       "//dbus",
       "//device/bluetooth",
       "//third_party/crashpad/crashpad/client",
@@ -701,7 +696,6 @@ source_set("electron_lib") {
     deps += [
       "//components/app_launch_prefetch",
       "//components/crash/core/app:crash_export_thunks",
-      "//components/os_crypt/async/browser:dpapi_key_provider",
       "//third_party/libxml:xml_writer",
       "//ui/wm",
       "//ui/wm/public",

patches/chromium/.patches

@@ -143,3 +143,4 @@ chore_disable_protocol_handler_dcheck.patch
 fix_check_for_file_existence_before_setting_mtime.patch
 viz_create_isbufferqueuesupportedandenabled.patch
 viz_fix_visual_artifacts_while_resizing_window_with_dcomp.patch
+fix_os_crypt_async_cookie_encryption.patch

patches/chromium/fix_os_crypt_async_cookie_encryption.patch

@@ -0,0 +1,786 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Keeley Hammond <khammond@slack-corp.com>
+Date: Tue, 13 Jan 2026 13:26:29 -0800
+Subject: fix: revert OS_Crypt Async in Cookie Encryption
+
+Electron 40/M144 uses os_crypt async by default for cookie store
+providers when using cookie encryption. We need time to properly
+implement this in Electron and make sure the async logic is
+working properly.
+
+This patch reverts the port of os_crypt async and falls back to
+the old sync logic to unlock Electron 40. This patch can be removed
+when os_crypt async is added to Electron.
+
+Revert "Reland "Port net::CookieCryptoDelegate to os_crypt async""
+
+This reverts commit f01b115c7e21a09cc762f65bf7fd9c6ea9d9d0f8.
+
+diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn
+index 563bfe0bd5d2fef7a6525ec69d9e8bd11ac55150..56ac425920e17f0130d9102392d438ec0ac54a00 100644
+--- a/chrome/browser/BUILD.gn
++++ b/chrome/browser/BUILD.gn
+@@ -747,6 +747,8 @@ static_library("browser") {
+     "net/chrome_report_sender.h",
+     "net/convert_explicitly_allowed_network_ports_pref.cc",
+     "net/convert_explicitly_allowed_network_ports_pref.h",
++    "net/cookie_encryption_provider_impl.cc",
++    "net/cookie_encryption_provider_impl.h",
+     "net/default_dns_over_https_config_source.cc",
+     "net/default_dns_over_https_config_source.h",
+     "net/dns_over_https_config_source.h",
+diff --git a/chrome/browser/extensions/chrome_extension_cookies.cc b/chrome/browser/extensions/chrome_extension_cookies.cc
+index fc13abe302557d38cfce798d46551989337abb2c..22eac75cf685039796ecf40e7d86c9f54084a08b 100644
+--- a/chrome/browser/extensions/chrome_extension_cookies.cc
++++ b/chrome/browser/extensions/chrome_extension_cookies.cc
+@@ -6,7 +6,6 @@
+ 
+ #include <optional>
+ 
+-#include "chrome/browser/browser_process.h"
+ #include "chrome/browser/content_settings/cookie_settings_factory.h"
+ #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
+ #include "chrome/browser/extensions/chrome_extension_cookies_factory.h"
+@@ -49,9 +48,7 @@ ChromeExtensionCookies::ChromeExtensionCookies(Profile* profile)
+         profile_->GetPath().Append(chrome::kExtensionsCookieFilename),
+         profile_->ShouldRestoreOldSessionCookies(),
+         profile_->ShouldPersistSessionCookies()));
+-    creation_config->crypto_delegate = cookie_config::GetCookieCryptoDelegate(
+-        g_browser_process->os_crypt_async(),
+-        content::GetUIThreadTaskRunner({}));
++    creation_config->crypto_delegate = cookie_config::GetCookieCryptoDelegate();
+   }
+   creation_config->cookieable_schemes.push_back(extensions::kExtensionScheme);
+ 
+diff --git a/chrome/browser/net/chrome_network_service_browsertest.cc b/chrome/browser/net/chrome_network_service_browsertest.cc
+index fa37d56b3a3b1e324ca121992fd7b54a945d75f7..05d4d5eaecf119a956210539f601b8f437aaa788 100644
+--- a/chrome/browser/net/chrome_network_service_browsertest.cc
++++ b/chrome/browser/net/chrome_network_service_browsertest.cc
+@@ -5,7 +5,6 @@
+ #include "base/feature_list.h"
+ #include "base/files/file_path.h"
+ #include "base/files/file_util.h"
+-#include "base/task/sequenced_task_runner.h"
+ #include "base/test/bind.h"
+ #include "base/test/scoped_feature_list.h"
+ #include "base/threading/thread_restrictions.h"
+@@ -20,7 +19,6 @@
+ #include "chrome/test/base/in_process_browser_test.h"
+ #include "chrome/test/base/ui_test_utils.h"
+ #include "components/cookie_config/cookie_store_util.h"
+-#include "components/os_crypt/async/browser/test_utils.h"
+ #include "content/public/browser/browser_context.h"
+ #include "content/public/browser/network_service_instance.h"
+ #include "content/public/browser/network_service_util.h"
+@@ -139,16 +137,10 @@ class ChromeNetworkServiceBrowserTest
+ IN_PROC_BROWSER_TEST_P(ChromeNetworkServiceBrowserTest,
+                        PRE_PRE_EncryptedCookies) {
+   // These test is only valid if crypto is enabled on the platform.
+-  auto os_crypt_async = os_crypt_async::GetTestOSCryptAsyncForTesting(
+-      /*is_sync_for_unittests=*/true);
+-  auto crypto_delegate = cookie_config::GetCookieCryptoDelegate(
+-      os_crypt_async.get(), base::SequencedTaskRunner::GetCurrentDefault());
++  auto crypto_delegate = cookie_config::GetCookieCryptoDelegate();
+   if (!crypto_delegate) {
+     GTEST_SKIP() << "No crypto on this platform.";
+   }
+-  base::RunLoop run_loop;
+-  crypto_delegate->Init(run_loop.QuitClosure());
+-  run_loop.Run();
+   std::string ciphertext;
+   crypto_delegate->EncryptString(kCookieValue, &ciphertext);
+   ASSERT_NE(ciphertext, kCookieValue) << "Crypto should really encrypt.";
+diff --git a/services/network/public/cpp/cookie_encryption_provider_impl.cc b/chrome/browser/net/cookie_encryption_provider_impl.cc
+similarity index 71%
+rename from services/network/public/cpp/cookie_encryption_provider_impl.cc
+rename to chrome/browser/net/cookie_encryption_provider_impl.cc
+index 52fedf2057b963951be560a362fec28208c2a4b5..3f770666618f2df56b8cd6855766418d319481f0 100644
+--- a/services/network/public/cpp/cookie_encryption_provider_impl.cc
++++ b/chrome/browser/net/cookie_encryption_provider_impl.cc
+@@ -1,19 +1,18 @@
+-// Copyright 2025 The Chromium Authors
++// Copyright 2024 The Chromium Authors
+ // Use of this source code is governed by a BSD-style license that can be
+ // found in the LICENSE file.
+ 
+-#include "services/network/public/cpp/cookie_encryption_provider_impl.h"
++#include "chrome/browser/net/cookie_encryption_provider_impl.h"
+ 
++#include "chrome/browser/browser_process.h"
+ #include "components/os_crypt/async/browser/os_crypt_async.h"
+ 
+-CookieEncryptionProviderImpl::CookieEncryptionProviderImpl(
+-    os_crypt_async::OSCryptAsync* os_crypt_async)
+-    : os_crypt_async_(os_crypt_async) {}
++CookieEncryptionProviderImpl::CookieEncryptionProviderImpl() = default;
+ 
+ CookieEncryptionProviderImpl::~CookieEncryptionProviderImpl() = default;
+ 
+ void CookieEncryptionProviderImpl::GetEncryptor(GetEncryptorCallback callback) {
+-  os_crypt_async_->GetInstance(base::BindOnce(
++  g_browser_process->os_crypt_async()->GetInstance(base::BindOnce(
+       [](GetEncryptorCallback callback, os_crypt_async::Encryptor encryptor) {
+         std::move(callback).Run(std::move(encryptor));
+       },
+diff --git a/services/network/public/cpp/cookie_encryption_provider_impl.h b/chrome/browser/net/cookie_encryption_provider_impl.h
+similarity index 65%
+rename from services/network/public/cpp/cookie_encryption_provider_impl.h
+rename to chrome/browser/net/cookie_encryption_provider_impl.h
+index 8f80cabd7c919c682e603ff6af0c12ae4431e366..68df8a7a04e9a8455b7143432173d9e48dc1ea5e 100644
+--- a/services/network/public/cpp/cookie_encryption_provider_impl.h
++++ b/chrome/browser/net/cookie_encryption_provider_impl.h
+@@ -1,27 +1,20 @@
+-// Copyright 2025 The Chromium Authors
++// Copyright 2024 The Chromium Authors
+ // Use of this source code is governed by a BSD-style license that can be
+ // found in the LICENSE file.
+ 
+-#ifndef SERVICES_NETWORK_PUBLIC_CPP_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_
+-#define SERVICES_NETWORK_PUBLIC_CPP_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_
++#ifndef CHROME_BROWSER_NET_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_
++#define CHROME_BROWSER_NET_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_
+ 
+-#include "base/component_export.h"
+-#include "base/memory/raw_ptr.h"
+ #include "components/os_crypt/async/common/encryptor.h"
+ #include "mojo/public/cpp/bindings/receiver_set.h"
+ #include "services/network/public/mojom/cookie_encryption_provider.mojom.h"
+ 
+-namespace os_crypt_async {
+-class OSCryptAsync;
+-}
+-
+ // Implementation of CookieEncryptionProvider interface. This is Windows only
+ // for now, but will be expanded to other platforms in future.
+-class COMPONENT_EXPORT(NETWORK_CPP) CookieEncryptionProviderImpl
++class CookieEncryptionProviderImpl
+     : public network::mojom::CookieEncryptionProvider {
+  public:
+-  explicit CookieEncryptionProviderImpl(
+-      os_crypt_async::OSCryptAsync* os_crypt_async);
++  CookieEncryptionProviderImpl();
+   ~CookieEncryptionProviderImpl() override;
+ 
+   CookieEncryptionProviderImpl(const CookieEncryptionProviderImpl&) = delete;
+@@ -37,7 +30,6 @@ class COMPONENT_EXPORT(NETWORK_CPP) CookieEncryptionProviderImpl
+ 
+  private:
+   mojo::ReceiverSet<network::mojom::CookieEncryptionProvider> receivers_;
+-  raw_ptr<os_crypt_async::OSCryptAsync> os_crypt_async_;
+ };
+ 
+-#endif  // SERVICES_NETWORK_PUBLIC_CPP_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_
++#endif  // CHROME_BROWSER_NET_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_
+diff --git a/chrome/browser/net/cookie_encryption_provider_interactive_uitest.cc b/chrome/browser/net/cookie_encryption_provider_interactive_uitest.cc
+index b862afe7663111a6cbd342d33723942770bb0490..9dc46cedb109cea63bf71aa43fc7a2b64730ed12 100644
+--- a/chrome/browser/net/cookie_encryption_provider_interactive_uitest.cc
++++ b/chrome/browser/net/cookie_encryption_provider_interactive_uitest.cc
+@@ -13,6 +13,7 @@
+ #include "base/test/test_future.h"
+ #include "build/config/linux/dbus/buildflags.h"
+ #include "chrome/browser/browser_features.h"
++#include "chrome/browser/net/cookie_encryption_provider_impl.h"
+ #include "chrome/browser/policy/chrome_browser_policy_connector.h"
+ #include "chrome/browser/profiles/profile.h"
+ #include "chrome/browser/ui/browser.h"
+@@ -25,7 +26,6 @@
+ #include "content/public/test/browser_test.h"
+ #include "content/public/test/test_launcher.h"
+ #include "net/cookies/canonical_cookie.h"
+-#include "services/network/public/cpp/cookie_encryption_provider_impl.h"
+ #include "services/network/public/mojom/cookie_manager.mojom.h"
+ #include "services/network/public/mojom/network_context.mojom.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+diff --git a/chrome/browser/net/system_network_context_manager.cc b/chrome/browser/net/system_network_context_manager.cc
+index 63c1941becda2f3c33b31d060f7b817425e72ed9..6638517850731606cf832261e1920e630ad9a2ee 100644
+--- a/chrome/browser/net/system_network_context_manager.cc
++++ b/chrome/browser/net/system_network_context_manager.cc
+@@ -915,13 +915,8 @@ void SystemNetworkContextManager::DisableQuic() {
+ void SystemNetworkContextManager::
+     AddCookieEncryptionManagerToNetworkContextParams(
+         network::mojom::NetworkContextParams* network_context_params) {
+-  if (!cookie_encryption_provider_) {
+-    cookie_encryption_provider_ =
+-        std::make_unique<CookieEncryptionProviderImpl>(
+-            g_browser_process->os_crypt_async());
+-  }
+   network_context_params->cookie_encryption_provider =
+-      cookie_encryption_provider_->BindNewRemote();
++      cookie_encryption_provider_.BindNewRemote();
+ }
+ 
+ void SystemNetworkContextManager::AddSSLConfigToNetworkContextParams(
+diff --git a/chrome/browser/net/system_network_context_manager.h b/chrome/browser/net/system_network_context_manager.h
+index 3e2382418337c22625abfd8ee4f5b04f8dbb8059..600242238eeb41705ac74a24f8682d791cc4c84e 100644
+--- a/chrome/browser/net/system_network_context_manager.h
++++ b/chrome/browser/net/system_network_context_manager.h
+@@ -14,6 +14,7 @@
+ #include "base/memory/raw_ptr.h"
+ #include "base/memory/scoped_refptr.h"
+ #include "chrome/browser/net/cert_verifier_service_time_updater.h"
++#include "chrome/browser/net/cookie_encryption_provider_impl.h"
+ #include "chrome/browser/net/proxy_config_monitor.h"
+ #include "chrome/browser/net/stub_resolver_config_reader.h"
+ #include "chrome/browser/ssl/ssl_config_service_manager.h"
+@@ -23,7 +24,6 @@
+ #include "mojo/public/cpp/bindings/pending_receiver.h"
+ #include "mojo/public/cpp/bindings/remote.h"
+ #include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom-forward.h"
+-#include "services/network/public/cpp/cookie_encryption_provider_impl.h"
+ #include "services/network/public/mojom/host_resolver.mojom-forward.h"
+ #include "services/network/public/mojom/network_context.mojom.h"
+ #include "services/network/public/mojom/network_service.mojom.h"
+@@ -302,7 +302,7 @@ class SystemNetworkContextManager {
+   GssapiLibraryLoadObserver gssapi_library_loader_observer_{this};
+ #endif  // BUILDFLAG(IS_LINUX)
+ 
+-  std::unique_ptr<CookieEncryptionProviderImpl> cookie_encryption_provider_;
++  CookieEncryptionProviderImpl cookie_encryption_provider_;
+ 
+   std::unique_ptr<CertVerifierServiceTimeUpdater> cert_verifier_time_updater_;
+ };
+diff --git a/components/cookie_config/BUILD.gn b/components/cookie_config/BUILD.gn
+index e348b0d1a59470c5cf153ae02e420b9dd6bd1892..a7a51003386fe7b62aaf5b7008c63acefd428942 100644
+--- a/components/cookie_config/BUILD.gn
++++ b/components/cookie_config/BUILD.gn
+@@ -13,7 +13,7 @@ component("cookie_config") {
+   public_deps = [ "//base" ]
+ 
+   deps = [
+-    "//components/os_crypt/async/browser",
++    "//components/os_crypt/sync",
+     "//net:extras",
+   ]
+ }
+diff --git a/components/cookie_config/DEPS b/components/cookie_config/DEPS
+index 2c847bf159af83cd12bb343deff0cae9957a4183..a428c0b502bee622fbc7eff7d83a2e8500c058df 100644
+--- a/components/cookie_config/DEPS
++++ b/components/cookie_config/DEPS
+@@ -1,4 +1,4 @@
+ include_rules = [
+-  "+components/os_crypt/async",
++  "+components/os_crypt/sync",
+   "+net/extras/sqlite",
+ ]
+diff --git a/components/cookie_config/cookie_store_util.cc b/components/cookie_config/cookie_store_util.cc
+index 55742de998756cbcd686d13a77b2a695eda06884..e7efdfe3a5ecae3b5461bba469f0377b3c920b21 100644
+--- a/components/cookie_config/cookie_store_util.cc
++++ b/components/cookie_config/cookie_store_util.cc
+@@ -5,12 +5,8 @@
+ #include "components/cookie_config/cookie_store_util.h"
+ 
+ #include "base/functional/callback.h"
+-#include "base/memory/scoped_refptr.h"
+-#include "base/memory/weak_ptr.h"
+-#include "base/task/sequenced_task_runner.h"
+ #include "build/build_config.h"
+-#include "components/os_crypt/async/browser/os_crypt_async.h"
+-#include "components/os_crypt/async/common/encryptor.h"
++#include "components/os_crypt/sync/os_crypt.h"
+ #include "net/extras/sqlite/cookie_crypto_delegate.h"
+ 
+ namespace cookie_config {
+@@ -19,123 +15,40 @@ namespace cookie_config {
+     BUILDFLAG(IS_CHROMEOS)
+ namespace {
+ 
+-void OnOsCryptReadyOnUi(
+-    base::OnceCallback<void(os_crypt_async::Encryptor)> callback,
+-    scoped_refptr<base::SequencedTaskRunner> task_runner,
+-    os_crypt_async::Encryptor encryptor) {
+-  task_runner->PostTask(
+-      FROM_HERE, base::BindOnce(std::move(callback), std::move(encryptor)));
+-}
+-
+-void InitOnUi(base::OnceCallback<void(os_crypt_async::Encryptor)> callback,
+-              os_crypt_async::OSCryptAsync* os_crypt_async,
+-              scoped_refptr<base::SequencedTaskRunner> task_runner) {
+-  os_crypt_async->GetInstance(
+-      base::BindOnce(&OnOsCryptReadyOnUi, std::move(callback),
+-                     std::move(task_runner)),
+-      os_crypt_async::Encryptor::Option::kEncryptSyncCompat);
+-}
+-
+ // Use the operating system's mechanisms to encrypt cookies before writing
+ // them to persistent store.  Currently this only is done with desktop OS's
+ // because ChromeOS and Android already protect the entire profile contents.
+ class CookieOSCryptoDelegate : public net::CookieCryptoDelegate {
+  public:
+-  CookieOSCryptoDelegate(
+-      os_crypt_async::OSCryptAsync* os_crypt_async,
+-      scoped_refptr<base::SequencedTaskRunner> ui_task_runner);
+-
+-  CookieOSCryptoDelegate(const CookieOSCryptoDelegate&) = delete;
+-  CookieOSCryptoDelegate& operator=(const CookieOSCryptoDelegate&) = delete;
+-
+-  ~CookieOSCryptoDelegate() override;
+-
+-  // net::CookieCryptoDelegate implementation:
+   void Init(base::OnceClosure callback) override;
+   bool EncryptString(const std::string& plaintext,
+                      std::string* ciphertext) override;
+   bool DecryptString(const std::string& ciphertext,
+                      std::string* plaintext) override;
+-
+- private:
+-  void OnOsCryptReady(os_crypt_async::Encryptor encryptor);
+-
+-  raw_ptr<os_crypt_async::OSCryptAsync> os_crypt_async_;
+-  scoped_refptr<base::SequencedTaskRunner> ui_task_runner_;
+-  std::optional<os_crypt_async::Encryptor> encryptor_;
+-
+-  bool initializing_ = false;
+-  std::vector<base::OnceClosure> init_callbacks_;
+-
+-  base::WeakPtrFactory<CookieOSCryptoDelegate> weak_ptr_factory_{this};
+ };
+ 
+-CookieOSCryptoDelegate::CookieOSCryptoDelegate(
+-    os_crypt_async::OSCryptAsync* os_crypt_async,
+-    scoped_refptr<base::SequencedTaskRunner> ui_task_runner)
+-    : os_crypt_async_(os_crypt_async), ui_task_runner_(ui_task_runner) {}
+-
+-CookieOSCryptoDelegate::~CookieOSCryptoDelegate() = default;
+-
+ void CookieOSCryptoDelegate::Init(base::OnceClosure callback) {
+-  if (encryptor_.has_value()) {
+-    std::move(callback).Run();
+-    return;
+-  }
+-
+-  init_callbacks_.emplace_back(std::move(callback));
+-  if (initializing_) {
+-    return;
+-  }
+-  initializing_ = true;
+-
+-  // PostTaskAndReplyWithResult can't be used here because
+-  // OSCryptAsync::GetInstance() is async.
+-  ui_task_runner_->PostTask(
+-      FROM_HERE,
+-      base::BindOnce(&InitOnUi,
+-                     base::BindOnce(&CookieOSCryptoDelegate::OnOsCryptReady,
+-                                    weak_ptr_factory_.GetWeakPtr()),
+-                     os_crypt_async_,
+-                     base::SequencedTaskRunner::GetCurrentDefault()));
+-  os_crypt_async_ = nullptr;
++  std::move(callback).Run();
+ }
+ 
+ bool CookieOSCryptoDelegate::EncryptString(const std::string& plaintext,
+                                            std::string* ciphertext) {
+-  CHECK(encryptor_) << "EncryptString called before Init completed";
+-  return encryptor_->EncryptString(plaintext, ciphertext);
++  return OSCrypt::EncryptString(plaintext, ciphertext);
+ }
+ 
+ bool CookieOSCryptoDelegate::DecryptString(const std::string& ciphertext,
+                                            std::string* plaintext) {
+-  CHECK(encryptor_) << "DecryptString called before Init completed";
+-  return encryptor_->DecryptString(ciphertext, plaintext);
+-}
+-
+-void CookieOSCryptoDelegate::OnOsCryptReady(
+-    os_crypt_async::Encryptor encryptor) {
+-  encryptor_ = std::move(encryptor);
+-  initializing_ = false;
+-  for (auto& callback : init_callbacks_) {
+-    std::move(callback).Run();
+-  }
+-  init_callbacks_.clear();
++  return OSCrypt::DecryptString(ciphertext, plaintext);
+ }
+ 
+ }  // namespace
+ 
+-std::unique_ptr<net::CookieCryptoDelegate> GetCookieCryptoDelegate(
+-    os_crypt_async::OSCryptAsync* os_crypt_async,
+-    scoped_refptr<base::SequencedTaskRunner> ui_task_runner) {
+-  return std::make_unique<CookieOSCryptoDelegate>(os_crypt_async,
+-                                                  ui_task_runner);
++std::unique_ptr<net::CookieCryptoDelegate> GetCookieCryptoDelegate() {
++  return std::make_unique<CookieOSCryptoDelegate>();
+ }
+ #else   // BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_LINUX) ||
+         // BUILDFLAG(IS_CHROMEOS)
+-std::unique_ptr<net::CookieCryptoDelegate> GetCookieCryptoDelegate(
+-    os_crypt_async::OSCryptAsync* os_crypt_async,
+-    scoped_refptr<base::SequencedTaskRunner> ui_task_runner) {
++std::unique_ptr<net::CookieCryptoDelegate> GetCookieCryptoDelegate() {
+   return nullptr;
+ }
+ #endif  // BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_LINUX) ||
+diff --git a/components/cookie_config/cookie_store_util.h b/components/cookie_config/cookie_store_util.h
+index 9d142e9f13fb0d30d5795c2a82f2cbc5274d381c..1e1b7ebc234d7e3f981e023fe49cd0b13ed62c6e 100644
+--- a/components/cookie_config/cookie_store_util.h
++++ b/components/cookie_config/cookie_store_util.h
+@@ -8,28 +8,17 @@
+ #include <memory>
+ 
+ #include "base/component_export.h"
+-#include "base/memory/scoped_refptr.h"
+-
+-namespace base {
+-class SequencedTaskRunner;
+-}
+ 
+ namespace net {
+ class CookieCryptoDelegate;
+ }  // namespace net
+ 
+-namespace os_crypt_async {
+-class OSCryptAsync;
+-}  // namespace os_crypt_async
+-
+ namespace cookie_config {
+ 
+ // Factory method for returning a CookieCryptoDelegate if one is appropriate for
+ // this platform.
+ COMPONENT_EXPORT(COMPONENTS_COOKIE_CONFIG)
+-std::unique_ptr<net::CookieCryptoDelegate> GetCookieCryptoDelegate(
+-    os_crypt_async::OSCryptAsync* os_crypt_async,
+-    scoped_refptr<base::SequencedTaskRunner> ui_task_runner);
++std::unique_ptr<net::CookieCryptoDelegate> GetCookieCryptoDelegate();
+ 
+ }  // namespace cookie_config
+ 
+diff --git a/components/os_crypt/sync/BUILD.gn b/components/os_crypt/sync/BUILD.gn
+index bb308187837371ecfa2482affaf35ac7ed98c1f3..1e554fe95b0521a883ced83fc67f5d52a3d45759 100644
+--- a/components/os_crypt/sync/BUILD.gn
++++ b/components/os_crypt/sync/BUILD.gn
+@@ -12,7 +12,13 @@ component("sync") {
+   visibility = [
+     "//electron:*",
+     "//chrome/browser",
++    "//chrome/browser/prefs:impl",
++    "//chrome/browser/ui",
++    "//chrome/browser/web_applications",
+     "//chrome/test:test_support",
++    "//components/autofill/content/browser",
++    "//components/cookie_config",
++    "//components/gcm_driver",
+     "//components/os_crypt/async/browser:dpapi_key_provider",
+     "//components/os_crypt/async/browser:freedesktop_secret_key_provider",
+     "//components/os_crypt/async/browser:keychain_key_provider",
+@@ -22,18 +28,24 @@ component("sync") {
+     "//components/os_crypt/async/common:unit_tests",
+     "//components/os_crypt/sync:test_support",
+     "//components/os_crypt/sync:unit_tests",
++    "//components/password_manager/core/browser",
++    "//components/password_manager/core/browser:hash_password_manager",
++    "//components/password_manager/core/browser:unit_tests",
++    "//components/password_manager/core/browser/password_store:password_store_impl",
++    "//components/password_manager/core/browser/password_store:unit_tests",
+     "//components/signin/core/browser",
+     "//components/sync:unit_tests",
+     "//components/sync/nigori",
+     "//components/sync/service",
++    "//components/trusted_vault",
++    "//components/trusted_vault:unit_tests",
++    "//content/browser",
+     "//headless:headless_non_renderer",
++    "//headless:headless_shell_lib",
+     "//ios/chrome/browser/web/model:web_internal",
+     "//services/network:network_service",
+     "//services/test/echo:lib",
+   ]
+-  if (is_mac) {
+-    visibility += [ "//headless:headless_shell_lib" ]
+-  }
+ 
+   sources = [
+     "os_crypt.h",
+diff --git a/headless/BUILD.gn b/headless/BUILD.gn
+index 3b7ac1e77fb8f1696e6fea46e5e76fd05151b6c0..fa9731f028cf2e2ba7c821e67d3fca95f3e16f36 100644
+--- a/headless/BUILD.gn
++++ b/headless/BUILD.gn
+@@ -373,7 +373,6 @@ component("headless_non_renderer") {
+     "//components/keyed_service/content",
+     "//components/origin_trials:browser",
+     "//components/origin_trials:common",
+-    "//components/os_crypt/async/browser",
+     "//components/os_crypt/sync",
+     "//components/policy:generated",
+     "//components/policy/content",
+diff --git a/headless/lib/browser/DEPS b/headless/lib/browser/DEPS
+index 75d0960a5964fabf518d0b8b2f67e29e9b3d6fe6..8261f1ab27597459726063cc6faa2a5ed0bfce17 100644
+--- a/headless/lib/browser/DEPS
++++ b/headless/lib/browser/DEPS
+@@ -44,7 +44,6 @@ specific_include_rules = {
+   "headless_browser_impl.*": [
+     "+services/device/public/cpp/geolocation/system_geolocation_source_apple.h",
+     "+services/device/public/cpp/geolocation/geolocation_system_permission_manager.h",
+-    "+components/os_crypt/async",
+     "+components/password_manager/core/browser/password_manager_switches.h",
+     "+components/policy",
+     "+components/prefs",
+@@ -53,9 +52,6 @@ specific_include_rules = {
+     "+components/metrics",
+     "+components/variations",
+   ],
+-  "headless_request_context_manager.cc": [
+-    "+components/os_crypt/async/browser",
+-  ],
+   "headless_browser_impl_unittest.cc": [
+     "+third_party/blink/public/common/features.h",
+   ],
+diff --git a/headless/lib/browser/headless_browser_context_impl.cc b/headless/lib/browser/headless_browser_context_impl.cc
+index f664e9994a3c38ef2aa30773f6ca4668451dd76c..ad83a721a8bf17225af7d2c5954ecdd82cf8e1dc 100644
+--- a/headless/lib/browser/headless_browser_context_impl.cc
++++ b/headless/lib/browser/headless_browser_context_impl.cc
+@@ -77,7 +77,7 @@ HeadlessBrowserContextImpl::HeadlessBrowserContextImpl(
+           ? base::FilePath()
+           : path_;
+   request_context_manager_ = std::make_unique<HeadlessRequestContextManager>(
+-      context_options_.get(), user_data_path, browser->os_crypt_async());
++      context_options_.get(), user_data_path);
+   profile_metrics::SetBrowserProfileType(
+       this, IsOffTheRecord() ? profile_metrics::BrowserProfileType::kIncognito
+                              : profile_metrics::BrowserProfileType::kRegular);
+diff --git a/headless/lib/browser/headless_browser_impl.cc b/headless/lib/browser/headless_browser_impl.cc
+index f0c79ccd63e102c4ef51535f476ceddc6c5156a9..c1e9430b3f5b67338f204ca5563a02c2da87cd49 100644
+--- a/headless/lib/browser/headless_browser_impl.cc
++++ b/headless/lib/browser/headless_browser_impl.cc
+@@ -16,8 +16,6 @@
+ #include "base/task/single_thread_task_runner.h"
+ #include "build/config/linux/dbus/buildflags.h"
+ #include "components/embedder_support/user_agent_utils.h"
+-#include "components/os_crypt/async/browser/os_crypt_async.h"
+-#include "components/os_crypt/async/common/encryptor.h"
+ #include "components/version_info/version_info.h"
+ #include "content/public/browser/browser_task_traits.h"
+ #include "content/public/browser/browser_thread.h"
+@@ -212,8 +210,7 @@ void HeadlessBrowserImpl::SetDefaultBrowserContext(
+   if (default_browser_context_ && !system_request_context_manager_) {
+     system_request_context_manager_ =
+         HeadlessRequestContextManager::CreateSystemContext(
+-            HeadlessBrowserContextImpl::From(browser_context)->options(),
+-            os_crypt_async());
++            HeadlessBrowserContextImpl::From(browser_context)->options());
+   }
+ }
+ 
+@@ -269,8 +266,6 @@ bool HeadlessBrowserImpl::ShouldStartDevToolsServer() {
+ }
+ 
+ void HeadlessBrowserImpl::PreMainMessageLoopRun() {
+-  CreateOSCryptAsync();
+-
+   platform_delegate_->Initialize(options_.value());
+ 
+   // We don't support the tethering domain on this agent host.
+@@ -287,7 +282,6 @@ void HeadlessBrowserImpl::WillRunMainMessageLoop(base::RunLoop& run_loop) {
+ }
+ 
+ void HeadlessBrowserImpl::PostMainMessageLoopRun() {
+-  os_crypt_async_.reset();
+ #if defined(HEADLESS_USE_PREFS)
+   if (local_state_) {
+     local_state_->CommitPendingWrite();
+diff --git a/headless/lib/browser/headless_browser_impl.h b/headless/lib/browser/headless_browser_impl.h
+index 1d9ba1861de0065cb059710fab7b619c0df55216..e08bf0a94e8b06dea68a86560b903523e1d78a9a 100644
+--- a/headless/lib/browser/headless_browser_impl.h
++++ b/headless/lib/browser/headless_browser_impl.h
+@@ -31,10 +31,6 @@ class PolicyService;
+ class PrefService;
+ #endif
+ 
+-namespace os_crypt_async {
+-class OSCryptAsync;
+-}
+-
+ namespace ui {
+ class Compositor;
+ }
+@@ -99,10 +95,6 @@ class HEADLESS_EXPORT HeadlessBrowserImpl : public HeadlessBrowser {
+ 
+   int exit_code() const { return exit_code_; }
+ 
+-  os_crypt_async::OSCryptAsync* os_crypt_async() {
+-    return os_crypt_async_.get();
+-  }
+-
+ #if defined(HEADLESS_USE_PREFS)
+   void CreatePrefService();
+   PrefService* GetPrefs();
+@@ -121,8 +113,6 @@ class HEADLESS_EXPORT HeadlessBrowserImpl : public HeadlessBrowser {
+ 
+   int exit_code_ = 0;
+ 
+-  std::unique_ptr<os_crypt_async::OSCryptAsync> os_crypt_async_;
+-
+   base::flat_map<std::string, std::unique_ptr<HeadlessBrowserContextImpl>>
+       browser_contexts_;
+   raw_ptr<HeadlessBrowserContext, AcrossTasksDanglingUntriaged>
+diff --git a/headless/lib/browser/headless_request_context_manager.cc b/headless/lib/browser/headless_request_context_manager.cc
+index 6c4ce0a6fa6624cace08bfdb2c62b12836a744fa..fe1a11f94a709400434fb41a5bdcdb8f4d47a959 100644
+--- a/headless/lib/browser/headless_request_context_manager.cc
++++ b/headless/lib/browser/headless_request_context_manager.cc
+@@ -11,7 +11,6 @@
+ #include "base/task/single_thread_task_runner.h"
+ #include "build/build_config.h"
+ #include "components/embedder_support/switches.h"
+-#include "components/os_crypt/async/browser/os_crypt_async.h"
+ #include "content/public/browser/browser_thread.h"
+ #include "content/public/browser/network_service_instance.h"
+ #include "headless/lib/browser/headless_browser_context_options.h"
+@@ -138,10 +137,9 @@ class HeadlessProxyConfigMonitor
+ // static
+ std::unique_ptr<HeadlessRequestContextManager>
+ HeadlessRequestContextManager::CreateSystemContext(
+-    const HeadlessBrowserContextOptions* options,
+-    os_crypt_async::OSCryptAsync* os_crypt_async) {
++    const HeadlessBrowserContextOptions* options) {
+   auto manager = std::make_unique<HeadlessRequestContextManager>(
+-      options, base::FilePath(), os_crypt_async);
++      options, base::FilePath());
+ 
+   base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
+   auto auth_params = ::network::mojom::HttpAuthDynamicParams::New();
+@@ -172,8 +170,7 @@ HeadlessRequestContextManager::CreateSystemContext(
+ 
+ HeadlessRequestContextManager::HeadlessRequestContextManager(
+     const HeadlessBrowserContextOptions* options,
+-    base::FilePath user_data_path,
+-    os_crypt_async::OSCryptAsync* os_crypt_async)
++    base::FilePath user_data_path)
+     :
+ // On Windows, Cookie encryption requires access to local_state prefs.
+ #if BUILDFLAG(IS_WIN) && !defined(HEADLESS_USE_PREFS)
+@@ -183,7 +180,6 @@ HeadlessRequestContextManager::HeadlessRequestContextManager(
+           !base::CommandLine::ForCurrentProcess()->HasSwitch(
+               switches::kDisableCookieEncryption)),
+ #endif
+-      os_crypt_async_(os_crypt_async),
+       user_data_path_(std::move(user_data_path)),
+       disk_cache_dir_(options->disk_cache_dir()),
+       accept_language_(options->accept_language()),
+@@ -192,10 +188,6 @@ HeadlessRequestContextManager::HeadlessRequestContextManager(
+           options->proxy_config()
+               ? std::make_unique<net::ProxyConfig>(*options->proxy_config())
+               : nullptr) {
+-  if (cookie_encryption_enabled_) {
+-    cookie_encryption_provider_ =
+-        std::make_unique<CookieEncryptionProviderImpl>(os_crypt_async_.get());
+-  }
+   if (!proxy_config_) {
+     base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
+     if (command_line->HasSwitch(switches::kNoSystemProxyConfigService)) {
+@@ -240,10 +232,6 @@ void HeadlessRequestContextManager::ConfigureNetworkContextParamsInternal(
+ 
+   if (!user_data_path_.empty()) {
+     context_params->enable_encrypted_cookies = cookie_encryption_enabled_;
+-    if (cookie_encryption_enabled_) {
+-      context_params->cookie_encryption_provider =
+-          cookie_encryption_provider_->BindNewRemote();
+-    }
+     context_params->file_paths =
+         ::network::mojom::NetworkContextFilePaths::New();
+     context_params->file_paths->data_directory =
+diff --git a/headless/lib/browser/headless_request_context_manager.h b/headless/lib/browser/headless_request_context_manager.h
+index 91d74eaadd9f4d451e809b38a2f999b298068820..e45427ce90f909e609688ab59f4581b185b6757e 100644
+--- a/headless/lib/browser/headless_request_context_manager.h
++++ b/headless/lib/browser/headless_request_context_manager.h
+@@ -13,13 +13,8 @@
+ #include "content/public/browser/browser_context.h"
+ #include "mojo/public/cpp/bindings/pending_remote.h"
+ #include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom-forward.h"
+-#include "services/network/public/cpp/cookie_encryption_provider_impl.h"
+ #include "services/network/public/mojom/network_context.mojom.h"
+ 
+-namespace os_crypt_async {
+-class OSCryptAsync;
+-}
+-
+ namespace headless {
+ 
+ class HeadlessBrowserContextOptions;
+@@ -28,12 +23,10 @@ class HeadlessProxyConfigMonitor;
+ class HeadlessRequestContextManager {
+  public:
+   static std::unique_ptr<HeadlessRequestContextManager> CreateSystemContext(
+-      const HeadlessBrowserContextOptions* options,
+-      os_crypt_async::OSCryptAsync* os_crypt_async);
++      const HeadlessBrowserContextOptions* options);
+ 
+   HeadlessRequestContextManager(const HeadlessBrowserContextOptions* options,
+-                                base::FilePath user_data_path,
+-                                os_crypt_async::OSCryptAsync* os_crypt_async);
++                                base::FilePath user_data_path);
+ 
+   HeadlessRequestContextManager(const HeadlessRequestContextManager&) = delete;
+   HeadlessRequestContextManager& operator=(
+@@ -56,15 +49,12 @@ class HeadlessRequestContextManager {
+ 
+   const bool cookie_encryption_enabled_;
+ 
+-  const raw_ptr<os_crypt_async::OSCryptAsync> os_crypt_async_;
+-
+   base::FilePath user_data_path_;
+   base::FilePath disk_cache_dir_;
+   std::string accept_language_;
+   std::string user_agent_;
+   std::unique_ptr<net::ProxyConfig> proxy_config_;
+   std::unique_ptr<HeadlessProxyConfigMonitor> proxy_config_monitor_;
+-  std::unique_ptr<CookieEncryptionProviderImpl> cookie_encryption_provider_;
+ 
+   mojo::PendingRemote<::network::mojom::NetworkContext> system_context_;
+ };
+diff --git a/services/network/network_context.cc b/services/network/network_context.cc
+index 0ea9555487f6e63de95053a6e1124369770a5d09..c38a2f62a67bd970bf2862c229cfc04427aa28b7 100644
+--- a/services/network/network_context.cc
++++ b/services/network/network_context.cc
+@@ -3282,12 +3282,7 @@ NetworkContext::MakeSessionCleanupCookieStore() const {
+       crypto_delegate = std::make_unique<CookieOSCryptAsyncDelegate>(
+           std::move(params_->cookie_encryption_provider));
+     } else {
+-#if !BUILDFLAG(IS_ANDROID)
+-      // A cookie crypto delegate should not be created on Android to
+-      // match the behavior of cookie_config::GetCookieCryptoDelegate().
+-      // See https://crbug.com/449652881
+-      NOTREACHED();
+-#endif
++      crypto_delegate = cookie_config::GetCookieCryptoDelegate();
+     }
+   }
+ 
+diff --git a/services/network/public/cpp/BUILD.gn b/services/network/public/cpp/BUILD.gn
+index b48bdf27cd97142ceebc1f0b769b502bf037ce36..3b1424b6df37aa4a3cd341e8b89524e34480d4ac 100644
+--- a/services/network/public/cpp/BUILD.gn
++++ b/services/network/public/cpp/BUILD.gn
+@@ -69,8 +69,6 @@ component("cpp") {
+     "content_decoding_interceptor.h",
+     "content_language_parser.cc",
+     "content_language_parser.h",
+-    "cookie_encryption_provider_impl.cc",
+-    "cookie_encryption_provider_impl.h",
+     "cors/cors.cc",
+     "cors/cors.h",
+     "cors/origin_access_list.cc",
+@@ -187,8 +185,6 @@ component("cpp") {
+   deps = [
+     "//base",
+     "//components/link_header_util",
+-    "//components/os_crypt/async/browser",
+-    "//components/os_crypt/async/common",
+     "//components/prefs",
+     "//ipc",
+     "//net",
+diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom
+index fcb6654e449a5ba5bd083be4c912f4a496184dd4..84da0a0b8e697b7927a62dd6d484fd8bc75c66d7 100644
+--- a/services/network/public/mojom/network_context.mojom
++++ b/services/network/public/mojom/network_context.mojom
+@@ -571,9 +571,10 @@ struct NetworkContextParams {
+   bool acam_preflight_spec_conformant = true;
+ 
+   // Sets the cookie encryption provider to be used by this network context if
+-  // `enable_encrypted_cookies` is enabled.
+-  // The `GetEncryptor` method on the supplied `cookie_encryption_provider` is
+-  // called to obtain a valid set of keys for cookie encryption.
++  // `enable_encrypted_cookies` is also enabled.
++  // If both are set then the `GetEncryptor` method on the supplied
++  // `cookie_encryption_provider` is called to obtain a valid set of keys for
++  // cookie encryption.
+   pending_remote<CookieEncryptionProvider>? cookie_encryption_provider;
+ 
+   // Enables Device Bound Session Credential for this network context.

shell/browser/browser_process_impl.cc

@@ -12,27 +12,11 @@
 #include "base/files/file_path.h"
 #include "base/notimplemented.h"
 #include "base/path_service.h"
-#include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/common/chrome_switches.h"
 #include "components/os_crypt/async/browser/key_provider.h"
 #include "components/os_crypt/async/browser/os_crypt_async.h"
 #include "components/os_crypt/sync/os_crypt.h"
-#include "components/password_manager/core/browser/password_manager_switches.h"
-
-#if BUILDFLAG(IS_WIN)
-#include "components/os_crypt/async/browser/dpapi_key_provider.h"
-#endif
-
-#if BUILDFLAG(IS_LINUX)
-#include "components/os_crypt/async/browser/freedesktop_secret_key_provider.h"
-#include "components/os_crypt/async/browser/posix_key_provider.h"
-#endif
-
-#if BUILDFLAG(IS_MAC)
-#include "components/os_crypt/async/browser/keychain_key_provider.h"
-#endif
-
 #include "components/prefs/in_memory_pref_store.h"
 #include "components/prefs/json_pref_store.h"
 #include "components/prefs/overlay_user_pref_store.h"
@@ -426,45 +410,15 @@ void BrowserProcessImpl::CreateNetworkQualityObserver() {
 }
 
 void BrowserProcessImpl::CreateOSCryptAsync() {
-  // Initialize OSCryptAsync with platform-specific key providers.
-  // See https://chromium-review.googlesource.com/c/chromium/src/+/6996667
-  std::vector<std::pair<size_t, std::unique_ptr<os_crypt_async::KeyProvider>>>
-      providers;
+  // source: https://chromium-review.googlesource.com/c/chromium/src/+/4455776
 
-#if BUILDFLAG(IS_WIN)
-  // On Windows, use DPAPI key provider for cookie encryption.
-  providers.emplace_back(
-      /*precedence=*/10u,
-      std::make_unique<os_crypt_async::DPAPIKeyProvider>(local_state()));
-#endif  // BUILDFLAG(IS_WIN)
-
-#if BUILDFLAG(IS_LINUX)
-  // On Linux, use FreedesktopSecretKeyProvider (for GNOME Keyring, KWallet,
-  // etc.) with PosixKeyProvider as fallback.
-  base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess();
-  const auto password_store =
-      cmd_line->GetSwitchValueASCII(password_manager::kPasswordStore);
-
-  providers.emplace_back(
-      /*precedence=*/10u,
-      std::make_unique<os_crypt_async::FreedesktopSecretKeyProvider>(
-          password_store, "Electron", nullptr));
-
-  // PosixKeyProvider as fallback with lower precedence.
-  providers.emplace_back(
-      /*precedence=*/5u, std::make_unique<os_crypt_async::PosixKeyProvider>());
-#endif  // BUILDFLAG(IS_LINUX)
-
-#if BUILDFLAG(IS_MAC)
-  // On macOS, use KeychainKeyProvider for cookie encryption.
-  // This is enabled by default in Chrome via features::kUseKeychainKeyProvider.
-  providers.emplace_back(
-      /*precedence=*/10u,
-      std::make_unique<os_crypt_async::KeychainKeyProvider>());
-#endif  // BUILDFLAG(IS_MAC)
-
-  os_crypt_async_ =
-      std::make_unique<os_crypt_async::OSCryptAsync>(std::move(providers));
+  // For now, initialize OSCryptAsync with no providers. This delegates all
+  // encryption operations to OSCrypt.
+  // TODO(crbug.com/1373092): Add providers behind features, as support for them
+  // is added.
+  os_crypt_async_ = std::make_unique<os_crypt_async::OSCryptAsync>(
+      std::vector<
+          std::pair<size_t, std::unique_ptr<os_crypt_async::KeyProvider>>>());
 
   // Trigger async initialization of OSCrypt key providers.
   os_crypt_async_->GetInstance(base::DoNothing());

shell/browser/net/network_context_service.cc

@@ -14,7 +14,6 @@
 #include "net/http/http_util.h"
 #include "net/net_buildflags.h"
 #include "services/network/network_service.h"
-#include "services/network/public/cpp/cookie_encryption_provider_impl.h"
 #include "services/network/public/cpp/cors/origin_access_list.h"
 #include "shell/browser/browser_process_impl.h"
 #include "shell/browser/electron_browser_client.h"
@@ -115,18 +114,6 @@ void NetworkContextService::ConfigureNetworkContextParams(
     network_context_params->enable_encrypted_cookies =
         electron::fuses::IsCookieEncryptionEnabled();
 
-    // If cookie encryption is enabled, we need to provide a cookie encryption
-    // provider for the network service to use.
-    if (network_context_params->enable_encrypted_cookies) {
-      if (!cookie_encryption_provider_) {
-        cookie_encryption_provider_ =
-            std::make_unique<CookieEncryptionProviderImpl>(
-                g_browser_process->os_crypt_async());
-      }
-      network_context_params->cookie_encryption_provider =
-          cookie_encryption_provider_->BindNewRemote();
-    }
-
     network_context_params->file_paths->transport_security_persister_file_name =
         base::FilePath(chrome::kTransportSecurityPersisterFilename);
   }

shell/browser/net/network_context_service.h

@@ -5,16 +5,12 @@
 #ifndef ELECTRON_SHELL_BROWSER_NET_NETWORK_CONTEXT_SERVICE_H_
 #define ELECTRON_SHELL_BROWSER_NET_NETWORK_CONTEXT_SERVICE_H_
 
-#include <memory>
-
 #include "base/memory/raw_ptr.h"
 #include "chrome/browser/net/proxy_config_monitor.h"
 #include "components/keyed_service/core/keyed_service.h"
 #include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom-forward.h"
 #include "services/network/public/mojom/network_context.mojom-forward.h"
 
-class CookieEncryptionProviderImpl;
-
 namespace base {
 class FilePath;
 }  // namespace base
@@ -50,7 +46,6 @@ class NetworkContextService : public KeyedService {
 
   raw_ptr<ElectronBrowserContext> browser_context_;
   ProxyConfigMonitor proxy_config_monitor_;
-  std::unique_ptr<CookieEncryptionProviderImpl> cookie_encryption_provider_;
 };
 
 }  // namespace electron