Use the NSS internal key slot for all temporary key operations

Rather than calling PK11_GetBestSlot, which requires enumerating all connected tokens, use PK11_GetInternalSlot, which explicitly uses the internal NSS key database. On Linux, this will ignore any user preferences regarding what tokens should be used for which mechanisms, but for internal/temporary operations, this is an acceptable tradeoff. BUG=chrome-os-partner:14707 Review URL: https://chromiumcodereview.appspot.com/11186004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162309 0039d316-1c4b-4281-b951-d872f2087c98
cbchan · Oct 17, 2012 · 4ad67c6 · 4ad67c6
1 parent 54db05e
commit 4ad67c6
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 10 deletions.
diff --git a/crypto/encryptor.h b/crypto/encryptor.h
@@ -125,7 +125,6 @@ class CRYPTO_EXPORT Encryptor {
   bool CryptCTR(PK11Context* context,
                 const base::StringPiece& input,
                 std::string* output);
-  ScopedPK11Slot slot_;
   ScopedSECItem param_;
 #endif
 };

diff --git a/crypto/encryptor_nss.cc b/crypto/encryptor_nss.cc
@@ -53,10 +53,6 @@ bool Encryptor::Init(SymmetricKey* key,
   if (mode == CBC && iv.size() != AES_BLOCK_SIZE)
     return false;
 
-  slot_.reset(PK11_GetBestSlot(GetMechanism(mode), NULL));
-  if (!slot_.get())
-    return false;
-
   switch (mode) {
     case CBC:
       SECItem iv_item;

diff --git a/crypto/openpgp_symmetric_encryption.cc b/crypto/openpgp_symmetric_encryption.cc
@@ -150,7 +150,7 @@ void SaltedIteratedS2K(unsigned cipher_key_length,
 // in ECB mode and with no IV.
 bool CreateAESContext(const uint8* key, unsigned key_len,
                       ScopedPK11Context* out_decryption_context) {
-  ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_ECB, NULL));
+  ScopedPK11Slot slot(PK11_GetInternalSlot());
   if (!slot.get())
     return false;
   SECItem key_item;

diff --git a/crypto/symmetric_key_nss.cc b/crypto/symmetric_key_nss.cc
@@ -23,7 +23,7 @@ SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm,
   if (key_size_in_bits == 0)
     return NULL;
 
-  ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_KEY_GEN, NULL));
+  ScopedPK11Slot slot(PK11_GetInternalSlot());
   if (!slot.get())
     return NULL;
 
@@ -68,7 +68,7 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
   if (!alg_id.get())
     return NULL;
 
-  ScopedPK11Slot slot(PK11_GetBestSlot(SEC_OID_PKCS5_PBKDF2, NULL));
+  ScopedPK11Slot slot(PK11_GetInternalSlot());
   if (!slot.get())
     return NULL;
 
@@ -93,7 +93,7 @@ SymmetricKey* SymmetricKey::Import(Algorithm algorithm,
       const_cast<char *>(raw_key.data()));
   key_item.len = raw_key.size();
 
-  ScopedPK11Slot slot(PK11_GetBestSlot(cipher, NULL));
+  ScopedPK11Slot slot(PK11_GetInternalSlot());
   if (!slot.get())
     return NULL;
 

diff --git a/net/http/des.cc b/net/http/des.cc
@@ -114,7 +114,7 @@ void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) {
 
   crypto::EnsureNSSInit();
 
-  slot = PK11_GetBestSlot(cipher_mech, NULL);
+  slot = PK11_GetInternalSlot();
   if (!slot)
     goto done;