author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-10-17 03:18:58 +0000 |
---|---|---|
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-10-17 03:18:58 +0000 |
commit | 4ad67c653f9f16125f0fcac759eba48d7bc9bee4 (patch) | |
tree | c321a4044552923c758687e11cd2368297dd617c /crypto | |
parent | 54db05eab3af2554886bd2fab8783f7909dca6fe (diff) | |
Use the NSS internal key slot for all temporary key operations
Rather than calling PK11_GetBestSlot, which requires enumerating all
connected tokens, use PK11_GetInternalSlot, which explicitly uses the
internal NSS key database. On Linux, this will ignore any user preferences
regarding what tokens should be used for which mechanisms, but for
internal/temporary operations, this is an acceptable tradeoff.
BUG=chrome-os-partner:14707
Review URL: https://chromiumcodereview.appspot.com/11186004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162309 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/encryptor.h | 1 | ||||
-rw-r--r-- | crypto/encryptor_nss.cc | 4 | ||||
-rw-r--r-- | crypto/openpgp_symmetric_encryption.cc | 2 | ||||
-rw-r--r-- | crypto/symmetric_key_nss.cc | 6 |
4 files changed, 4 insertions, 9 deletions
diff --git a/crypto/encryptor.h b/crypto/encryptor.h index 773be22..798a26f 100644 --- a/crypto/encryptor.h +++ b/crypto/encryptor.h @@ -125,7 +125,6 @@ class CRYPTO_EXPORT Encryptor { bool CryptCTR(PK11Context* context, const base::StringPiece& input, std::string* output); - ScopedPK11Slot slot_; ScopedSECItem param_; #endif }; diff --git a/crypto/encryptor_nss.cc b/crypto/encryptor_nss.cc index cf4fa2a..280e38b 100644 --- a/crypto/encryptor_nss.cc +++ b/crypto/encryptor_nss.cc @@ -53,10 +53,6 @@ bool Encryptor::Init(SymmetricKey* key, if (mode == CBC && iv.size() != AES_BLOCK_SIZE) return false; - slot_.reset(PK11_GetBestSlot(GetMechanism(mode), NULL)); - if (!slot_.get()) - return false; - switch (mode) { case CBC: SECItem iv_item; diff --git a/crypto/openpgp_symmetric_encryption.cc b/crypto/openpgp_symmetric_encryption.cc index 7eb6737..702952b 100644 --- a/crypto/openpgp_symmetric_encryption.cc +++ b/crypto/openpgp_symmetric_encryption.cc @@ -150,7 +150,7 @@ void SaltedIteratedS2K(unsigned cipher_key_length, // in ECB mode and with no IV. bool CreateAESContext(const uint8* key, unsigned key_len, ScopedPK11Context* out_decryption_context) { - ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_ECB, NULL)); + ScopedPK11Slot slot(PK11_GetInternalSlot()); if (!slot.get()) return false; SECItem key_item; diff --git a/crypto/symmetric_key_nss.cc b/crypto/symmetric_key_nss.cc index 6772532..7fd0c32 100644 --- a/crypto/symmetric_key_nss.cc +++ b/crypto/symmetric_key_nss.cc @@ -23,7 +23,7 @@ SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, if (key_size_in_bits == 0) return NULL; - ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_KEY_GEN, NULL)); + ScopedPK11Slot slot(PK11_GetInternalSlot()); if (!slot.get()) return NULL; 
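Review bot: The new `PK11_GetInternalSlot()` call in CreateAESContext (crypto/openpgp_symmetric_encryption.cc) has no comment explaining why slot selection no longer depends on the mechanism. The commit text also calls this the internal key database, but in NSS the key-database slot is what `PK11_GetInternalKeySlot()` returns, while `PK11_GetInternalSlot()` is the softoken's generic crypto slot outside FIPS mode. For temporary keys the crypto slot looks like the right choice, since it should not need a token login, so it is the wording that needs fixing rather than the call. I would add above the call `// Temporary key: deliberately use the NSS internal (software) slot; user token preferences and hardware tokens are bypassed.` The same comment applies to GenerateRandomKey, DeriveKeyFromPassword and Import in crypto/symmetric_key_nss.cc, and CreateAESContext's body continues past the hunk.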
@@ -68,7 +68,7 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, if (!alg_id.get()) return NULL; - ScopedPK11Slot slot(PK11_GetBestSlot(SEC_OID_PKCS5_PBKDF2, NULL)); + ScopedPK11Slot slot(PK11_GetInternalSlot()); if (!slot.get()) return NULL; @@ -93,7 +93,7 @@ SymmetricKey* SymmetricKey::Import(Algorithm algorithm, const_cast<char *>(raw_key.data())); key_item.len = raw_key.size(); - ScopedPK11Slot slot(PK11_GetBestSlot(cipher, NULL)); + ScopedPK11Slot slot(PK11_GetInternalSlot()); if (!slot.get()) return NULL; |
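Review bot: In SymmetricKey::Import the `if (!slot.get())` check no longer says anything about `cipher`. The old lookup was keyed on the mechanism and could fail when no token offered it, whereas `PK11_GetInternalSlot()` presumably returns NULL only when NSS has no internal module loaded. An unsupported `cipher` is therefore rejected only by whatever call consumes the slot after the hunk, and that call's result has to be checked before a SymmetricKey is handed back. The rest of Import is outside the hunk, so I cannot confirm that it is. A comment such as `// Slot lookup does not validate |cipher|; the import below must fail closed.` would keep the assumption visible.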