Use the NSS internal key slot for all temporary key operations

Rather than calling PK11_GetBestSlot, which requires enumerating all connected tokens, use PK11_GetInternalSlot, which explicitly uses the internal NSS key database. On Linux, this will ignore any user preferences regarding what tokens should be used for which mechanisms, but for internal/temporary operations, this is an acceptable tradeoff. BUG=chrome-os-partner:14707 Review URL: https://chromiumcodereview.appspot.com/11186004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162309 0039d316-1c4b-4281-b951-d872f2087c98

Use the NSS internal key slot for all temporary key operations
Rather than calling PK11_GetBestSlot, which requires enumerating all connected tokens, use PK11_GetInternalSlot, which explicitly uses the internal NSS key database. On Linux, this will ignore any user preferences regarding what tokens should be used for which mechanisms, but for internal/temporary operations, this is an acceptable tradeoff. BUG=chrome-os-partner:14707 Review URL: https://chromiumcodereview.appspot.com/11186004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162309 0039d316-1c4b-4281-b951-d872f2087c98
4ad67c65 · rsleevi@chromium.org · 54db05ea · 4ad67c65 · 4ad67c65 · 4ad67c65
Commit 4ad67c65 authored Oct 17, 2012 by rsleevi@chromium.org
5 changed files
--- a/crypto/encryptor.h
+++ b/crypto/encryptor.h
@@ -125,7 +125,6 @@ class CRYPTO_EXPORT Encryptor {
  bool CryptCTR(PK11Context* context,
                const base::StringPiece& input,
                std::string* output);
-  ScopedPK11Slot slot_;
  ScopedSECItem param_;
 #endif
 };

--- a/crypto/encryptor_nss.cc
+++ b/crypto/encryptor_nss.cc
@@ -53,10 +53,6 @@ bool Encryptor::Init(SymmetricKey* key,
  if (mode == CBC && iv.size() != AES_BLOCK_SIZE)
    return false;
-  slot_.reset(PK11_GetBestSlot(GetMechanism(mode), NULL));
-  if (!slot_.get())
-    return false;
  switch (mode) {
    case CBC:
      SECItem iv_item;

--- a/crypto/openpgp_symmetric_encryption.cc
+++ b/crypto/openpgp_symmetric_encryption.cc
@@ -150,7 +150,7 @@ void SaltedIteratedS2K(unsigned cipher_key_length,
 // in ECB mode and with no IV.
 bool CreateAESContext(const uint8* key, unsigned key_len,
                      ScopedPK11Context* out_decryption_context) {
-  ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_ECB, NULL));
+  ScopedPK11Slot slot(PK11_GetInternalSlot());
  if (!slot.get())
    return false;
  SECItem key_item;

--- a/crypto/symmetric_key_nss.cc
+++ b/crypto/symmetric_key_nss.cc
@@ -23,7 +23,7 @@ SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm,
  if (key_size_in_bits == 0)
    return NULL;
-  ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_KEY_GEN, NULL));
+  ScopedPK11Slot slot(PK11_GetInternalSlot());
  if (!slot.get())
    return NULL;
@@ -68,7 +68,7 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
  if (!alg_id.get())
    return NULL;
-  ScopedPK11Slot slot(PK11_GetBestSlot(SEC_OID_PKCS5_PBKDF2, NULL));
+  ScopedPK11Slot slot(PK11_GetInternalSlot());
  if (!slot.get())
    return NULL;
@@ -93,7 +93,7 @@ SymmetricKey* SymmetricKey::Import(Algorithm algorithm,
      const_cast<char *>(raw_key.data()));
  key_item.len = raw_key.size();
-  ScopedPK11Slot slot(PK11_GetBestSlot(cipher, NULL));
+  ScopedPK11Slot slot(PK11_GetInternalSlot());
  if (!slot.get())
    return NULL;

--- a/net/http/des.cc
+++ b/net/http/des.cc
@@ -114,7 +114,7 @@ void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) {
  crypto::EnsureNSSInit();
-  slot = PK11_GetBestSlot(cipher_mech, NULL);
+  slot = PK11_GetInternalSlot();
  if (!slot)
    goto done;