mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-29 07:42:04 +00:00
905443cc71
To import private keys, WebCrypto creates a generic PKCS#11 object with a chosen key ID with PK11_CreateGenericObject and then looks up that object as a SECKEYPrivateKey using PK11_FindKeyByKeyID. It turns out that this is only safe to do as long as the ID is unique. If another SECKEYPrivateKey exists that has the same key ID (realistically this will only happen if an identical key is imported again), PK11_FindKeyByKeyID may return the other key. Since SECKEYPrivateKey objects are unique and not meant to be shared, this causes problems in that when one key is destroyed, the resources backing the other key are no longer valid, and any cryptographic operations using that key will fail. The solution is to use random IDs and check for preexisting keys. NSS doesn't yet expose an elegant API for this, but this patch implements a workaround. MozReview-Commit-ID: EvYMZxnBxTv --HG-- extra : rebase_source : 50408e1af9eb3934b51a0f01e02aa4890e57ed03 |
||
---|---|---|
.. | ||
test | ||
CryptoBuffer.cpp | ||
CryptoBuffer.h | ||
CryptoKey.cpp | ||
CryptoKey.h | ||
KeyAlgorithmProxy.cpp | ||
KeyAlgorithmProxy.h | ||
moz.build | ||
WebCryptoCommon.h | ||
WebCryptoTask.cpp | ||
WebCryptoTask.h | ||
WebCryptoThreadPool.cpp | ||
WebCryptoThreadPool.h |