diff options
| author | gspencer@google.com <gspencer@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-08 19:46:42 +0000 |
|---|---|---|
| committer | gspencer@google.com <gspencer@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-08 19:46:42 +0000 |
| commit | dd24ffcb6086d6ac46e46353007a80bf9f46831c (patch) | |
| tree | 823464c487ef8bbbffbba3009a8ef579803a0c83 /crypto/rsa_private_key_nss.cc | |
| parent | 36b70ae13ee2c7051b8ce9b531b2d72da7c1b3cb (diff) | |
| download | chromium_src-dd24ffcb6086d6ac46e46353007a80bf9f46831c.zip chromium_src-dd24ffcb6086d6ac46e46353007a80bf9f46831c.tar.gz chromium_src-dd24ffcb6086d6ac46e46353007a80bf9f46831c.tar.bz2 | |
Search all slots when looking for a key in NSS
This should make it possible to run on a VM, and still find the private key created for the owner in the software slot.
BUG=chromium-os:15817
TEST=Built an image and tried it on a VM and a device. Both showed restricted users list.
Review URL: http://codereview.chromium.org/7066070
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88380 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/rsa_private_key_nss.cc')
| -rw-r--r-- | crypto/rsa_private_key_nss.cc | 36 |
1 files changed, 14 insertions, 22 deletions
diff --git a/crypto/rsa_private_key_nss.cc b/crypto/rsa_private_key_nss.cc index 8157de2..0d79dbe 100644 --- a/crypto/rsa_private_key_nss.cc +++ b/crypto/rsa_private_key_nss.cc @@ -7,6 +7,7 @@ #include <cryptohi.h> #include <keyhi.h> #include <pk11pub.h> +#include <secmod.h> #include <list> @@ -119,31 +120,22 @@ RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo( return NULL; } - ScopedPK11Slot slot(GetPrivateNSSKeySlot()); - if (!slot.get()) { - NOTREACHED(); - return NULL; - } - - // Finally...Look for the key! - result->key_ = PK11_FindKeyByKeyID(slot.get(), ck_id.get(), NULL); - - // If we don't find the matching key in the private slot, then we - // look in the public slot. - if (!result->key_) { - slot.reset(GetPublicNSSKeySlot()); - if (!slot.get()) { - NOTREACHED(); - return NULL; + // Search all slots in all modules for the key with the given ID. + AutoSECMODListReadLock auto_lock; + SECMODModuleList* head = SECMOD_GetDefaultModuleList(); + for (SECMODModuleList* item = head; item != NULL; item = item->next) { + int slot_count = item->module->loaded ? item->module->slotCount : 0; + for (int i = 0; i < slot_count; i++) { + // Finally...Look for the key! + result->key_ = PK11_FindKeyByKeyID(item->module->slots[i], + ck_id.get(), NULL); + if (result->key_) + return result.release(); } - result->key_ = PK11_FindKeyByKeyID(slot.get(), ck_id.get(), NULL); } - // If we didn't find it, that's ok. - if (!result->key_) - return NULL; - - return result.release(); + // We didn't find the key. + return NULL; } |