authorgspencer@google.com <gspencer@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2011-06-08 19:46:42 +0000
committergspencer@google.com <gspencer@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2011-06-08 19:46:42 +0000
commitdd24ffcb6086d6ac46e46353007a80bf9f46831c (patch)
tree823464c487ef8bbbffbba3009a8ef579803a0c83 /crypto
parent36b70ae13ee2c7051b8ce9b531b2d72da7c1b3cb (diff)
Search all slots when looking for a key in NSS
This should make it possible to run on a VM, and still find the private key created for the owner in the software slot. BUG=chromium-os:15817 TEST=Built an image and tried it on a VM and a device. Both showed restricted users list. Review URL: http://codereview.chromium.org/7066070 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88380 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
-rw-r--r--crypto/nss_util.cc28
-rw-r--r--crypto/nss_util_internal.h12
-rw-r--r--crypto/rsa_private_key_nss.cc36
3 files changed, 36 insertions, 40 deletions
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
index 9901e3a..e484abe 100644
--- a/crypto/nss_util.cc
+++ b/crypto/nss_util.cc
@@ -155,24 +155,6 @@ void UseLocalCacheOfNSSDatabaseIfNFS(const FilePath& database_dir) {
#endif // defined(OS_LINUX)
}
-// A helper class that acquires the SECMOD list read lock while the
-// AutoSECMODListReadLock is in scope.
-class AutoSECMODListReadLock {
- public:
- AutoSECMODListReadLock()
- : lock_(SECMOD_GetDefaultModuleListLock()) {
- SECMOD_GetReadLock(lock_);
- }
-
- ~AutoSECMODListReadLock() {
- SECMOD_ReleaseReadLock(lock_);
- }
-
- private:
- SECMODListLock* lock_;
- DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
-};
-
PK11SlotInfo* FindSlotWithTokenName(const std::string& token_name) {
AutoSECMODListReadLock auto_lock;
SECMODModuleList* head = SECMOD_GetDefaultModuleList();
@@ -670,6 +652,16 @@ AutoNSSWriteLock::~AutoNSSWriteLock() {
lock_->Release();
}
}
+
+AutoSECMODListReadLock::AutoSECMODListReadLock()
+ : lock_(SECMOD_GetDefaultModuleListLock()) {
+ SECMOD_GetReadLock(lock_);
+ }
+
+AutoSECMODListReadLock::~AutoSECMODListReadLock() {
+ SECMOD_ReleaseReadLock(lock_);
+}
+
#endif // defined(USE_NSS)
#if defined(OS_CHROMEOS)
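Review bot: The out-of-line constructor passes `lock_` straight to `SECMOD_GetReadLock` without checking it. If `SECMOD_GetDefaultModuleListLock()` can return null before NSS has been initialised (that path is not visible in this hunk), the acquire would dereference a null lock. Now that the class is reachable from other translation units, a `DCHECK(lock_);` before the acquire would make that misuse fail loudly. As a style point, the constructor's closing brace appears indented while the destructor's is at column 0; align the two.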
diff --git a/crypto/nss_util_internal.h b/crypto/nss_util_internal.h
index ea40fdb..e90e4c4 100644
--- a/crypto/nss_util_internal.h
+++ b/crypto/nss_util_internal.h
@@ -25,6 +25,18 @@ PK11SlotInfo* GetPublicNSSKeySlot();
// PK11_FreeSlot.
PK11SlotInfo* GetPrivateNSSKeySlot();
+// A helper class that acquires the SECMOD list read lock while the
+// AutoSECMODListReadLock is in scope.
+class AutoSECMODListReadLock {
+ public:
+ AutoSECMODListReadLock();
+ ~AutoSECMODListReadLock();
+
+ private:
+ SECMODListLock* lock_;
+ DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
+};
+
} // namespace crypto
#endif // CRYPTO_NSS_UTIL_INTERNAL_H_
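Review bot: The new class declaration names `SECMODListLock`, but nothing visible in this hunk includes or forward-declares that NSS type. The same commit adds `#include <secmod.h>` to rsa_private_key_nss.cc, which suggests each includer has to supply it. The top of the header is outside the hunk, so confirm; if the include is missing, adding `#include <secmod.h>` to the header itself would make it self-contained. The class comment could also say what the lock protects, for example `// Hold for the whole traversal of SECMOD_GetDefaultModuleList(); module and slot pointers read from the list are only valid while it is held.`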
diff --git a/crypto/rsa_private_key_nss.cc b/crypto/rsa_private_key_nss.cc
index 8157de2..0d79dbe 100644
--- a/crypto/rsa_private_key_nss.cc
+++ b/crypto/rsa_private_key_nss.cc
@@ -7,6 +7,7 @@
#include <cryptohi.h>
#include <keyhi.h>
#include <pk11pub.h>
+#include <secmod.h>
#include <list>
@@ -119,31 +120,22 @@ RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
return NULL;
}
- ScopedPK11Slot slot(GetPrivateNSSKeySlot());
- if (!slot.get()) {
- NOTREACHED();
- return NULL;
- }
-
- // Finally...Look for the key!
- result->key_ = PK11_FindKeyByKeyID(slot.get(), ck_id.get(), NULL);
-
- // If we don't find the matching key in the private slot, then we
- // look in the public slot.
- if (!result->key_) {
- slot.reset(GetPublicNSSKeySlot());
- if (!slot.get()) {
- NOTREACHED();
- return NULL;
+ // Search all slots in all modules for the key with the given ID.
+ AutoSECMODListReadLock auto_lock;
+ SECMODModuleList* head = SECMOD_GetDefaultModuleList();
+ for (SECMODModuleList* item = head; item != NULL; item = item->next) {
+ int slot_count = item->module->loaded ? item->module->slotCount : 0;
+ for (int i = 0; i < slot_count; i++) {
+ // Finally...Look for the key!
+ result->key_ = PK11_FindKeyByKeyID(item->module->slots[i],
+ ck_id.get(), NULL);
+ if (result->key_)
+ return result.release();
}
- result->key_ = PK11_FindKeyByKeyID(slot.get(), ck_id.get(), NULL);
}
- // If we didn't find it, that's ok.
- if (!result->key_)
- return NULL;
-
- return result.release();
+ // We didn't find the key.
+ return NULL;
}
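Review bot: The new loop in `FindFromPublicKeyInfo` returns the first key whose ID matches in any slot of any loaded module, so the result is no longer tied to the private or public NSS slot and depends on module-list order. If other PKCS#11 modules can be loaded in this process, a key from an unexpected token would be accepted as the owner key. That trust assumption should be stated at the loop, for example `// NOTE: accepts a match from any loaded module, in list order; callers must not assume the key lives in the private slot.` The SECMOD list read lock is also held across every `PK11_FindKeyByKeyID` call, which may block on a slow or absent token; a comment should say whether that is acceptable here. The function begins before this hunk, so the earlier setup of `result` and `ck_id` is not reviewed.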