Use the NSS internal key slot for all temporary key operations
Rather than calling PK11_GetBestSlot, which requires enumerating all connected tokens, use PK11_GetInternalSlot, which explicitly uses the internal NSS key database. On Linux, this will ignore any user preferences regarding what tokens should be used for which mechanisms, but for internal/temporary operations, this is an acceptable tradeoff. BUG=chrome-os-partner:14707 Review URL: https://chromiumcodereview.appspot.com/11186004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162309 0039d316-1c4b-4281-b951-d872f2087c98
@ -125,7 +125,6 @@ class CRYPTO_EXPORT Encryptor {
|
||||
bool CryptCTR(PK11Context* context,
|
||||
const base::StringPiece& input,
|
||||
std::string* output);
|
||||
ScopedPK11Slot slot_;
|
||||
ScopedSECItem param_;
|
||||
#endif
|
||||
};
|
||||
|
@ -53,10 +53,6 @@ bool Encryptor::Init(SymmetricKey* key,
|
||||
if (mode == CBC && iv.size() != AES_BLOCK_SIZE)
|
||||
return false;
|
||||
|
||||
slot_.reset(PK11_GetBestSlot(GetMechanism(mode), NULL));
|
||||
if (!slot_.get())
|
||||
return false;
|
||||
|
||||
switch (mode) {
|
||||
case CBC:
|
||||
SECItem iv_item;
|
||||
|
@ -150,7 +150,7 @@ void SaltedIteratedS2K(unsigned cipher_key_length,
|
||||
// in ECB mode and with no IV.
|
||||
bool CreateAESContext(const uint8* key, unsigned key_len,
|
||||
ScopedPK11Context* out_decryption_context) {
|
||||
ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_ECB, NULL));
|
||||
ScopedPK11Slot slot(PK11_GetInternalSlot());
|
||||
if (!slot.get())
|
||||
return false;
|
||||
SECItem key_item;
|
||||
|
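Review bot: The new `PK11_GetInternalSlot()` call in CreateAESContext has no comment explaining why the mechanism-based lookup was dropped. The commit text describes it as the key database slot, but in NSS that slot is returned by `PK11_GetInternalKeySlot()`, while `PK11_GetInternalSlot()` returns the softoken's generic crypto slot. For a throwaway AES context the generic slot looks like the intended choice, so a comment above the call would stop a later reader from "correcting" it: `// Internal software slot: this key is temporary, so skip token enumeration and never place it on a user token.` The same one-line change, with the same missing comment, appears in SymmetricKey::GenerateRandomKey, DeriveKeyFromPassword and Import, and in DESEncrypt. CreateAESContext continues past the end of this hunk.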
@ -23,7 +23,7 @@ SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm,
|
||||
if (key_size_in_bits == 0)
|
||||
return NULL;
|
||||
|
||||
ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_KEY_GEN, NULL));
|
||||
ScopedPK11Slot slot(PK11_GetInternalSlot());
|
||||
if (!slot.get())
|
||||
return NULL;
|
||||
|
||||
@ -68,7 +68,7 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
|
||||
if (!alg_id.get())
|
||||
return NULL;
|
||||
|
||||
ScopedPK11Slot slot(PK11_GetBestSlot(SEC_OID_PKCS5_PBKDF2, NULL));
|
||||
ScopedPK11Slot slot(PK11_GetInternalSlot());
|
||||
if (!slot.get())
|
||||
return NULL;
|
||||
|
||||
@ -93,7 +93,7 @@ SymmetricKey* SymmetricKey::Import(Algorithm algorithm,
|
||||
const_cast<char *>(raw_key.data()));
|
||||
key_item.len = raw_key.size();
|
||||
|
||||
ScopedPK11Slot slot(PK11_GetBestSlot(cipher, NULL));
|
||||
ScopedPK11Slot slot(PK11_GetInternalSlot());
|
||||
if (!slot.get())
|
||||
return NULL;
|
||||
|
||||
|
@ -114,7 +114,7 @@ void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) {
|
||||
|
||||
crypto::EnsureNSSInit();
|
||||
|
||||
slot = PK11_GetBestSlot(cipher_mech, NULL);
|
||||
slot = PK11_GetInternalSlot();
|
||||
if (!slot)
|
||||
goto done;
|
||||
|
||||
|
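Review bot: `slot = PK11_GetInternalSlot();` in DESEncrypt keeps a raw slot pointer with `goto done` cleanup, while every other call site changed by this commit holds the slot in a `ScopedPK11Slot`. The function starts and ends outside the hunk, so the release at `done` is not visible here. If that release is a manual `PK11_FreeSlot`, declaring `ScopedPK11Slot slot(PK11_GetInternalSlot());` would release the reference on every exit path and match the rest of the change. The declaration would have to sit before any `goto` that could jump over it, and the file may need the scoped NSS types header.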