| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CRYPTO_NSS_UTIL_H_ | 5 #ifndef CRYPTO_NSS_UTIL_H_ |
| 6 #define CRYPTO_NSS_UTIL_H_ | 6 #define CRYPTO_NSS_UTIL_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "crypto/crypto_export.h" | 10 #include "crypto/crypto_export.h" |
| 29 // EarlySetupForNSSInit performs lightweight setup which must occur before the | 29 // EarlySetupForNSSInit performs lightweight setup which must occur before the |
| 30 // process goes multithreaded. This does not initialise NSS. For test, see | 30 // process goes multithreaded. This does not initialise NSS. For test, see |
| 31 // EnsureNSSInit. | 31 // EnsureNSSInit. |
| 32 CRYPTO_EXPORT void EarlySetupForNSSInit(); | 32 CRYPTO_EXPORT void EarlySetupForNSSInit(); |
| 33 #endif | 33 #endif |
| 34 | 34 |
| 35 // Initialize NRPR if it isn't already initialized. This function is | 35 // Initialize NRPR if it isn't already initialized. This function is |
| 36 // thread-safe, and NSPR will only ever be initialized once. | 36 // thread-safe, and NSPR will only ever be initialized once. |
| 37 CRYPTO_EXPORT void EnsureNSPRInit(); | 37 CRYPTO_EXPORT void EnsureNSPRInit(); |
| 38 | 38 |
| 39 // Initialize NSS safely for strict sandboxing. This function makes sure that |
| 40 // NSS is initialized safely and will have proper entropy in a restricted, |
| 41 // sandboxed environment. |
| 42 // |
| 43 // As a defense in depth measure, this function should be called in a sandboxed |
| 44 // environment to make sure NSS will not load security modules that could |
| 45 // expose private data and keys. Make sure to get an LGTM from security |
| 46 // if you use this. |
| 47 CRYPTO_EXPORT void WarmUpNSSSafely(); |
| 48 |
| 39 // Initialize NSS if it isn't already initialized. This must be called before | 49 // Initialize NSS if it isn't already initialized. This must be called before |
| 40 // any other NSS functions. This function is thread-safe, and NSS will only | 50 // any other NSS functions. This function is thread-safe, and NSS will only |
| 41 // ever be initialized once. | 51 // ever be initialized once. |
| 42 CRYPTO_EXPORT void EnsureNSSInit(); | 52 CRYPTO_EXPORT void EnsureNSSInit(); |
| 43 | 53 |
| 44 // Call this before calling EnsureNSSInit() will force NSS to initialize | 54 // Call this before calling EnsureNSSInit() will force NSS to initialize |
| 45 // without a persistent DB. This is used for the special case where access of | 55 // without a persistent DB. This is used for the special case where access of |
| 46 // persistent DB is prohibited. | 56 // persistent DB is prohibited. |
| 47 // | 57 // |
| 48 // TODO(hclam): Isolate loading default root certs. | 58 // TODO(hclam): Isolate loading default root certs. |
| 49 // | 59 // |
| 50 // NSS will be initialized without loading any user security modules, including | 60 // NSS will be initialized without loading any user security modules, including |
| 51 // the built-in root certificates module. User security modules need to be | 61 // the built-in root certificates module. User security modules need to be |
| 52 // loaded manually after NSS initialization. | 62 // loaded manually after NSS initialization. |
| 53 // | 63 // |
| 54 // If EnsureNSSInit() is called before then this function has no effect. | 64 // If EnsureNSSInit() is called before then this function has no effect. |
| 55 // | 65 // |
| 56 // Calling this method only has effect on Linux. | 66 // Calling this method only has effect on Linux. |
| 57 // | 67 // |
| 58 // WARNING: Use this with caution. | 68 // WARNING: Use this with caution. |
| 59 CRYPTO_EXPORT void ForceNSSNoDBInit(); | 69 CRYPTO_EXPORT void ForceNSSNoDBInit(); |
| 60 | 70 |
| 61 // This methods is used to disable checks in NSS when used in a forked process. | 71 // This method is used to disable checks in NSS when used in a forked process. |
| 62 // NSS checks whether it is running a forked process to avoid problems when | 72 // NSS checks whether it is running a forked process to avoid problems when |
| 63 // using user security modules in a forked process. However if we are sure | 73 // using user security modules in a forked process. However if we are sure |
| 64 // there are no modules loaded before the process is forked then there is no | 74 // there are no modules loaded before the process is forked then there is no |
| 65 // harm disabling the check. | 75 // harm disabling the check. |
| 66 // | 76 // |
| 67 // This method must be called before EnsureNSSInit() to take effect. | 77 // This method must be called before EnsureNSSInit() to take effect. |
| 68 // | 78 // |
| 69 // WARNING: Use this with caution. | 79 // WARNING: Use this with caution. |
| 70 CRYPTO_EXPORT void DisableNSSForkCheck(); | 80 CRYPTO_EXPORT void DisableNSSForkCheck(); |
| 71 | 81 |
| 163 private: | 173 private: |
| 164 base::Lock *lock_; | 174 base::Lock *lock_; |
| 165 DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); | 175 DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); |
| 166 }; | 176 }; |
| 167 | 177 |
| 168 #endif // defined(USE_NSS) | 178 #endif // defined(USE_NSS) |
| 169 | 179 |
| 170 } // namespace crypto | 180 } // namespace crypto |
| 171 | 181 |
| 172 #endif // CRYPTO_NSS_UTIL_H_ | 182 #endif // CRYPTO_NSS_UTIL_H_ |
| OLD | NEW |
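Review bot: The comment added for `WarmUpNSSSafely()` (new lines 39-47) does not state an ordering or threading contract, unlike the neighbouring declarations. "Should be called in a sandboxed environment" leaves open whether the call belongs before or after the sandbox is engaged, and nothing says what happens if `EnsureNSSInit()` or `ForceNSSNoDBInit()` has already run; in that case security modules may presumably already be loaded and the "safely" guarantee would not hold. I would add a line along the lines of `// Must be called before EnsureNSSInit(); state here what happens if NSS is already initialized.`, worded to match the implementation, which is not visible on this page, and say whether the function is thread-safe like `EnsureNSSInit()`. Because the function is meant to keep private data and keys away from loaded modules, it is also worth confirming that a call made in the wrong order fails visibly rather than silently doing nothing.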