gecko-dev/dom/crypto
David Keeler 905443cc71 bug 1264771 - randomize key IDs in WebCrypto r=ttaubert
To import private keys, WebCrypto creates a generic PKCS#11 object with a chosen
key ID with PK11_CreateGenericObject and then looks up that object as a
SECKEYPrivateKey using PK11_FindKeyByKeyID. It turns out that this is only safe
to do as long as the ID is unique. If another SECKEYPrivateKey exists that has
the same key ID (realistically this will only happen if an identical key is
imported again), PK11_FindKeyByKeyID may return the other key. Since
SECKEYPrivateKey objects are unique and not meant to be shared, this causes
problems in that when one key is destroyed, the resources backing the other key
are no longer valid, and any cryptographic operations using that key will fail.
The solution is to use random IDs and check for preexisting keys. NSS doesn't
yet expose an elegant API for this, but this patch implements a workaround.

MozReview-Commit-ID: EvYMZxnBxTv

--HG--
extra : rebase_source : 50408e1af9eb3934b51a0f01e02aa4890e57ed03
2016-05-04 12:48:37 -07:00
..
test bug 1264771 - randomize key IDs in WebCrypto r=ttaubert 2016-05-04 12:48:37 -07:00
CryptoBuffer.cpp Bug 1266569 - Avoid including the ChromeUtils binding in Base64.h. r=froydnj 2016-04-22 07:41:58 -07:00
CryptoBuffer.h Bug 1244960 - FIDO u2f NSSToken (Part 3): Review updates. r=keeler 2016-04-13 10:20:37 -07:00
CryptoKey.cpp bug 1264771 - randomize key IDs in WebCrypto r=ttaubert 2016-05-04 12:48:37 -07:00
CryptoKey.h Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat 2015-10-18 01:24:48 -04:00
KeyAlgorithmProxy.cpp Bug 1191936 - Implement SPKI/PKCS#8/JWK import/export for RSA-PSS r=rbarnes 2015-10-14 13:38:05 +02:00
KeyAlgorithmProxy.h Bug 1169890 - Check return values for CryptoBuffer.Assign() calls r=rbarnes 2015-05-30 08:28:45 +02:00
moz.build Bug 1001691 - Implement WebCrypto thread pool r=bz 2015-09-11 16:01:20 +02:00
WebCryptoCommon.h Bug 1191936 - Implement SPKI/PKCS#8/JWK import/export for RSA-PSS r=rbarnes 2015-10-14 13:38:05 +02:00
WebCryptoTask.cpp Bug 1271495 - Replace uses of ScopedPK11Context with UniquePK11Context. r=keeler,mcmanus 2016-05-13 05:53:57 -07:00
WebCryptoTask.h Bug 1263311: Part 3 - s/nsCancelableRunnable/CancelableRunnable/g. r=froydnj 2016-04-11 11:40:06 -07:00
WebCryptoThreadPool.cpp Bug 842818 - Allow calling WebCryptoTask::DispatchWithPromise() from workers r=keeler 2016-01-20 23:19:42 +01:00
WebCryptoThreadPool.h Bug 1001691 - Implement WebCrypto thread pool r=bz 2015-09-11 16:01:20 +02:00