
Use the NSS internal key slot for all temporary key operations

Rather than calling PK11_GetBestSlot, which requires enumerating all
connected tokens, use PK11_GetInternalSlot, which explicitly uses the
internal NSS key database. On Linux, this will ignore any user preferences
regarding what tokens should be used for which mechanisms, but for
internal/temporary operations, this is an acceptable tradeoff.

BUG=chrome-os-partner:14707


Review URL: https://chromiumcodereview.appspot.com/11186004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162309 0039d316-1c4b-4281-b951-d872f2087c98
rsleevi@chromium.org
2012-10-17 03:18:58 +00:00
parent 54db05eab3
commit 4ad67c653f
5 changed files with 5 additions and 10 deletions

@ -125,7 +125,6 @@ class CRYPTO_EXPORT Encryptor {
bool CryptCTR(PK11Context* context,
const base::StringPiece& input,
std::string* output);
ScopedPK11Slot slot_;
ScopedSECItem param_;
#endif
};

@ -53,10 +53,6 @@ bool Encryptor::Init(SymmetricKey* key,
if (mode == CBC && iv.size() != AES_BLOCK_SIZE)
return false;
slot_.reset(PK11_GetBestSlot(GetMechanism(mode), NULL));
if (!slot_.get())
return false;
switch (mode) {
case CBC:
SECItem iv_item;

@ -150,7 +150,7 @@ void SaltedIteratedS2K(unsigned cipher_key_length,
// in ECB mode and with no IV.
bool CreateAESContext(const uint8* key, unsigned key_len,
ScopedPK11Context* out_decryption_context) {
ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_ECB, NULL));
ScopedPK11Slot slot(PK11_GetInternalSlot());
if (!slot.get())
return false;
SECItem key_item;
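Review bot: Nothing at the new `PK11_GetInternalSlot()` call in CreateAESContext says why the slot is chosen without a mechanism argument. The commit description calls it the internal key database, but as far as I know NSS that description fits `PK11_GetInternalKeySlot()`, while this call returns the internal software crypto slot outside FIPS mode. A one-line comment would settle which was intended: `// Internal software slot on purpose: the key is temporary and must not trigger token enumeration or end up on a user token.` The same comment applies at the call sites changed in SymmetricKey::GenerateRandomKey, DeriveKeyFromPassword and Import, and in DESEncrypt. The function body continues outside the hunk.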

@ -23,7 +23,7 @@ SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm,
if (key_size_in_bits == 0)
return NULL;
ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_KEY_GEN, NULL));
ScopedPK11Slot slot(PK11_GetInternalSlot());
if (!slot.get())
return NULL;
@ -68,7 +68,7 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
if (!alg_id.get())
return NULL;
ScopedPK11Slot slot(PK11_GetBestSlot(SEC_OID_PKCS5_PBKDF2, NULL));
ScopedPK11Slot slot(PK11_GetInternalSlot());
if (!slot.get())
return NULL;
@ -93,7 +93,7 @@ SymmetricKey* SymmetricKey::Import(Algorithm algorithm,
const_cast<char *>(raw_key.data()));
key_item.len = raw_key.size();
ScopedPK11Slot slot(PK11_GetBestSlot(cipher, NULL));
ScopedPK11Slot slot(PK11_GetInternalSlot());
if (!slot.get())
return NULL;
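Review bot: The same slot lookup is now spelled out three times in this file (GenerateRandomKey, DeriveKeyFromPassword, Import), so the decision that these keys stay in NSS's internal slot has no single place to live. A file-local helper such as `PK11SlotInfo* GetTemporaryKeySlot() { return PK11_GetInternalSlot(); }`, used as `ScopedPK11Slot slot(GetTemporaryKeySlot());`, would keep the three call sites in step if the choice is ever revisited. All three functions continue outside their hunks.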

@ -114,7 +114,7 @@ void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) {
crypto::EnsureNSSInit();
slot = PK11_GetBestSlot(cipher_mech, NULL);
slot = PK11_GetInternalSlot();
if (!slot)
goto done;
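Review bot: A failed slot lookup in DESEncrypt still ends in `goto done` with nothing reported, and the function returns void per the hunk header, so the caller cannot tell that `hash` was not produced. Unless the code at `done` (outside the hunk) already handles this, I would at least log before jumping: `if (!slot) { LOG(ERROR) << "PK11_GetInternalSlot failed"; goto done; }`, assuming the logging macros are available in this file. Otherwise a caller that goes on to use `hash` works with whatever the buffer held before the call.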