From dd24ffcb6086d6ac46e46353007a80bf9f46831c Mon Sep 17 00:00:00 2001 From: "gspencer@google.com" Date: Wed, 8 Jun 2011 19:46:42 +0000 Subject: Search all slots when looking for a key in NSS This should make it possible to run on a VM, and still find the private key created for the owner in the software slot. BUG=chromium-os:15817 TEST=Built an image and tried it on a VM and a device. Both showed restricted users list. Review URL: http://codereview.chromium.org/7066070 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88380 0039d316-1c4b-4281-b951-d872f2087c98
---
 crypto/rsa_private_key_nss.cc | 36 ++++++++++++++----------------------
 1 file changed, 14 insertions(+), 22 deletions(-)
(limited to 'crypto/rsa_private_key_nss.cc')
diff --git a/crypto/rsa_private_key_nss.cc b/crypto/rsa_private_key_nss.cc
index 8157de2..0d79dbe 100644
--- a/crypto/rsa_private_key_nss.cc
+++ b/crypto/rsa_private_key_nss.cc
@@ -7,6 +7,7 @@
 #include
 #include
 #include
+#include
 #include
@@ -119,31 +120,22 @@ RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
 return NULL;
 }
- ScopedPK11Slot slot(GetPrivateNSSKeySlot());
- if (!slot.get()) {
- NOTREACHED();
- return NULL;
- }
-
- // Finally...Look for the key!
- result->key_ = PK11_FindKeyByKeyID(slot.get(), ck_id.get(), NULL);
-
- // If we don't find the matching key in the private slot, then we
- // look in the public slot.
- if (!result->key_) {
- slot.reset(GetPublicNSSKeySlot());
- if (!slot.get()) {
- NOTREACHED();
- return NULL;
+ // Search all slots in all modules for the key with the given ID.
+ AutoSECMODListReadLock auto_lock;
+ SECMODModuleList* head = SECMOD_GetDefaultModuleList();
+ for (SECMODModuleList* item = head; item != NULL; item = item->next) {
+ int slot_count = item->module->loaded ? item->module->slotCount : 0;
+ for (int i = 0; i < slot_count; i++) {
+ // Finally...Look for the key!
+ result->key_ = PK11_FindKeyByKeyID(item->module->slots[i],
+ ck_id.get(), NULL);
+ if (result->key_)
+ return result.release();
 }
- result->key_ = PK11_FindKeyByKeyID(slot.get(), ck_id.get(), NULL);
 }
- // If we didn't find it, that's ok.
- if (!result->key_)
- return NULL;
-
- return result.release();
+ // We didn't find the key.
+ return NULL;
 }
-- cgit v1.1
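Review bot: The new loop accepts the first private key whose ID matches `ck_id` in any slot of any loaded module, so the lookup no longer stops at the private and public NSS slots the removed code named; which token supplies the key now depends on the order of the default module list. Since the match is on the key ID alone, it seems worth either skipping slots that should not be consulted, e.g. `if (!PK11_IsPresent(item->module->slots[i])) continue;`, or confirming after the lookup that the returned key really belongs to the public key passed in. `PK11_FindKeyByKeyID` is also called with a NULL password context while `auto_lock` holds the module-list read lock, so tokens that need a login will presumably just miss, and any slow token I/O happens under that lock. A comment such as `// Slots are tried in default-module-list order; the first ID match wins.` above the outer `for` would record the new trust assumption. The function starts above this hunk, so how `ck_id` is derived is not visible here.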