Commit dd24ffcb authored by gspencer@google.com's avatar gspencer@google.com

Search all slots when looking for a key in NSS

This should make it possible to run on a VM, and still find the private key created for the owner in the software slot.

BUG=chromium-os:15817
TEST=Built an image and tried it on a VM and a device. Both showed restricted users list.

Review URL: http://codereview.chromium.org/7066070

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88380 0039d316-1c4b-4281-b951-d872f2087c98
parent 36b70ae1
......@@ -155,24 +155,6 @@ void UseLocalCacheOfNSSDatabaseIfNFS(const FilePath& database_dir) {
#endif // defined(OS_LINUX)
}
// A helper class that acquires the SECMOD list read lock while the
// AutoSECMODListReadLock is in scope.
class AutoSECMODListReadLock {
public:
AutoSECMODListReadLock()
: lock_(SECMOD_GetDefaultModuleListLock()) {
SECMOD_GetReadLock(lock_);
}
~AutoSECMODListReadLock() {
SECMOD_ReleaseReadLock(lock_);
}
private:
SECMODListLock* lock_;
DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
};
PK11SlotInfo* FindSlotWithTokenName(const std::string& token_name) {
AutoSECMODListReadLock auto_lock;
SECMODModuleList* head = SECMOD_GetDefaultModuleList();
......@@ -670,6 +652,16 @@ AutoNSSWriteLock::~AutoNSSWriteLock() {
lock_->Release();
}
}
AutoSECMODListReadLock::AutoSECMODListReadLock()
: lock_(SECMOD_GetDefaultModuleListLock()) {
SECMOD_GetReadLock(lock_);
}
AutoSECMODListReadLock::~AutoSECMODListReadLock() {
SECMOD_ReleaseReadLock(lock_);
}
#endif // defined(USE_NSS)
#if defined(OS_CHROMEOS)
......
......@@ -25,6 +25,18 @@ PK11SlotInfo* GetPublicNSSKeySlot();
// PK11_FreeSlot.
PK11SlotInfo* GetPrivateNSSKeySlot();
// A helper class that acquires the SECMOD list read lock while the
// AutoSECMODListReadLock is in scope.
class AutoSECMODListReadLock {
public:
AutoSECMODListReadLock();
~AutoSECMODListReadLock();
private:
SECMODListLock* lock_;
DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
};
} // namespace crypto
#endif // CRYPTO_NSS_UTIL_INTERNAL_H_
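Review bot: The comment on the newly exported `AutoSECMODListReadLock` declaration says only that the lock is held while the object is in scope, not what the lock protects. Both visible users construct it immediately before calling `SECMOD_GetDefaultModuleList()` and walking the result, so the header should state that contract now that other files can use the helper. Something like `// Hold this for as long as entries obtained from SECMOD_GetDefaultModuleList() are being dereferenced.` would do.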
......@@ -7,6 +7,7 @@
#include <cryptohi.h>
#include <keyhi.h>
#include <pk11pub.h>
#include <secmod.h>
#include <list>
......@@ -119,31 +120,22 @@ RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
return NULL;
}
ScopedPK11Slot slot(GetPrivateNSSKeySlot());
if (!slot.get()) {
NOTREACHED();
return NULL;
}
// Finally...Look for the key!
result->key_ = PK11_FindKeyByKeyID(slot.get(), ck_id.get(), NULL);
// If we don't find the matching key in the private slot, then we
// look in the public slot.
if (!result->key_) {
slot.reset(GetPublicNSSKeySlot());
if (!slot.get()) {
NOTREACHED();
return NULL;
// Search all slots in all modules for the key with the given ID.
AutoSECMODListReadLock auto_lock;
SECMODModuleList* head = SECMOD_GetDefaultModuleList();
for (SECMODModuleList* item = head; item != NULL; item = item->next) {
int slot_count = item->module->loaded ? item->module->slotCount : 0;
for (int i = 0; i < slot_count; i++) {
// Finally...Look for the key!
result->key_ = PK11_FindKeyByKeyID(item->module->slots[i],
ck_id.get(), NULL);
if (result->key_)
return result.release();
}
result->key_ = PK11_FindKeyByKeyID(slot.get(), ck_id.get(), NULL);
}
// If we didn't find it, that's ok.
if (!result->key_)
return NULL;
return result.release();
// We didn't find the key.
return NULL;
}
......
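Review bot: The slot scan in `RSAPrivateKey::FindFromPublicKeyInfo` returns the first key in any loaded module whose ID matches, so the private and public NSS slots no longer take precedence over whatever other PKCS#11 modules happen to be loaded (the +/- markers are lost on this page; the loop over `SECMOD_GetDefaultModuleList()` reads as the new side). Since the match is by key ID alone, the widened search should be stated at the loop, e.g. `// NOTE: any loaded module can satisfy this lookup; callers that need a key from a specific slot must check it themselves.` If slot precedence matters for the owner key, trying `GetPrivateNSSKeySlot()` first and scanning only on a miss would keep the old ordering. Each `PK11_FindKeyByKeyID` call also runs while `auto_lock` holds the module list read lock, which may be worth a comment if token lookups can be slow. The function starts above this hunk, so how `ck_id` is derived is not visible here.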