OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/nss_util.h" | 5 #include "crypto/nss_util.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <plarena.h> | 9 #include <plarena.h> |
10 #include <prerror.h> | 10 #include <prerror.h> |
(...skipping 26 matching lines...) Expand all Loading... |
37 #include "base/environment.h" | 37 #include "base/environment.h" |
38 #include "base/files/file_path.h" | 38 #include "base/files/file_path.h" |
39 #include "base/files/file_util.h" | 39 #include "base/files/file_util.h" |
40 #include "base/lazy_instance.h" | 40 #include "base/lazy_instance.h" |
41 #include "base/logging.h" | 41 #include "base/logging.h" |
42 #include "base/message_loop/message_loop.h" | 42 #include "base/message_loop/message_loop.h" |
43 #include "base/native_library.h" | 43 #include "base/native_library.h" |
44 #include "base/path_service.h" | 44 #include "base/path_service.h" |
45 #include "base/stl_util.h" | 45 #include "base/stl_util.h" |
46 #include "base/strings/stringprintf.h" | 46 #include "base/strings/stringprintf.h" |
| 47 #include "base/synchronization/lock.h" |
47 #include "base/threading/thread_checker.h" | 48 #include "base/threading/thread_checker.h" |
48 #include "base/threading/thread_restrictions.h" | 49 #include "base/threading/thread_restrictions.h" |
49 #include "base/threading/worker_pool.h" | 50 #include "base/threading/worker_pool.h" |
50 #include "build/build_config.h" | 51 #include "build/build_config.h" |
51 | |
52 // USE_NSS_CERTS means NSS is used for certificates and platform integration. | |
53 // This requires additional support to manage the platform certificate and key | |
54 // stores. | |
55 #if defined(USE_NSS_CERTS) | |
56 #include "base/synchronization/lock.h" | |
57 #include "crypto/nss_crypto_module_delegate.h" | 52 #include "crypto/nss_crypto_module_delegate.h" |
58 #endif // defined(USE_NSS_CERTS) | |
59 | 53 |
60 namespace crypto { | 54 namespace crypto { |
61 | 55 |
62 namespace { | 56 namespace { |
63 | 57 |
64 #if defined(OS_CHROMEOS) | 58 #if defined(OS_CHROMEOS) |
65 const char kUserNSSDatabaseName[] = "UserNSSDB"; | 59 const char kUserNSSDatabaseName[] = "UserNSSDB"; |
66 | 60 |
67 // Constants for loading the Chrome OS TPM-backed PKCS #11 library. | 61 // Constants for loading the Chrome OS TPM-backed PKCS #11 library. |
68 const char kChapsModuleName[] = "Chaps"; | 62 const char kChapsModuleName[] = "Chaps"; |
69 const char kChapsPath[] = "libchaps.so"; | 63 const char kChapsPath[] = "libchaps.so"; |
70 | 64 |
71 // Fake certificate authority database used for testing. | 65 // Fake certificate authority database used for testing. |
72 static const base::FilePath::CharType kReadOnlyCertDB[] = | 66 static const base::FilePath::CharType kReadOnlyCertDB[] = |
73 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); | 67 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); |
74 #endif // defined(OS_CHROMEOS) | 68 #endif // defined(OS_CHROMEOS) |
75 | 69 |
76 std::string GetNSSErrorMessage() { | 70 std::string GetNSSErrorMessage() { |
77 std::string result; | 71 std::string result; |
78 if (PR_GetErrorTextLength()) { | 72 if (PR_GetErrorTextLength()) { |
79 std::unique_ptr<char[]> error_text(new char[PR_GetErrorTextLength() + 1]); | 73 std::unique_ptr<char[]> error_text(new char[PR_GetErrorTextLength() + 1]); |
80 PRInt32 copied = PR_GetErrorText(error_text.get()); | 74 PRInt32 copied = PR_GetErrorText(error_text.get()); |
81 result = std::string(error_text.get(), copied); | 75 result = std::string(error_text.get(), copied); |
82 } else { | 76 } else { |
83 result = base::StringPrintf("NSS error code: %d", PR_GetError()); | 77 result = base::StringPrintf("NSS error code: %d", PR_GetError()); |
84 } | 78 } |
85 return result; | 79 return result; |
86 } | 80 } |
87 | 81 |
88 #if defined(USE_NSS_CERTS) | |
89 #if !defined(OS_CHROMEOS) | 82 #if !defined(OS_CHROMEOS) |
90 base::FilePath GetDefaultConfigDirectory() { | 83 base::FilePath GetDefaultConfigDirectory() { |
91 base::FilePath dir; | 84 base::FilePath dir; |
92 PathService::Get(base::DIR_HOME, &dir); | 85 PathService::Get(base::DIR_HOME, &dir); |
93 if (dir.empty()) { | 86 if (dir.empty()) { |
94 LOG(ERROR) << "Failed to get home directory."; | 87 LOG(ERROR) << "Failed to get home directory."; |
95 return dir; | 88 return dir; |
96 } | 89 } |
97 dir = dir.AppendASCII(".pki").AppendASCII("nssdb"); | 90 dir = dir.AppendASCII(".pki").AppendASCII("nssdb"); |
98 if (!base::CreateDirectory(dir)) { | 91 if (!base::CreateDirectory(dir)) { |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
140 return NULL; | 133 return NULL; |
141 } | 134 } |
142 | 135 |
143 // NSS creates a local cache of the sqlite database if it detects that the | 136 // NSS creates a local cache of the sqlite database if it detects that the |
144 // filesystem the database is on is much slower than the local disk. The | 137 // filesystem the database is on is much slower than the local disk. The |
145 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 | 138 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 |
146 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set | 139 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set |
147 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's | 140 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's |
148 // detection when database_dir is on NFS. See http://crbug.com/48585. | 141 // detection when database_dir is on NFS. See http://crbug.com/48585. |
149 // | 142 // |
150 // TODO(wtc): port this function to other USE_NSS_CERTS platforms. It is | |
151 // defined only for OS_LINUX and OS_OPENBSD simply because the statfs structure | |
152 // is OS-specific. | |
153 // | |
154 // Because this function sets an environment variable it must be run before we | 143 // Because this function sets an environment variable it must be run before we |
155 // go multi-threaded. | 144 // go multi-threaded. |
156 void UseLocalCacheOfNSSDatabaseIfNFS(const base::FilePath& database_dir) { | 145 void UseLocalCacheOfNSSDatabaseIfNFS(const base::FilePath& database_dir) { |
157 bool db_on_nfs = false; | 146 bool db_on_nfs = false; |
158 #if defined(OS_LINUX) | 147 #if defined(OS_LINUX) |
159 base::FileSystemType fs_type = base::FILE_SYSTEM_UNKNOWN; | 148 base::FileSystemType fs_type = base::FILE_SYSTEM_UNKNOWN; |
160 if (base::GetFileSystemType(database_dir, &fs_type)) | 149 if (base::GetFileSystemType(database_dir, &fs_type)) |
161 db_on_nfs = (fs_type == base::FILE_SYSTEM_NFS); | 150 db_on_nfs = (fs_type == base::FILE_SYSTEM_NFS); |
162 #elif defined(OS_OPENBSD) | 151 #elif defined(OS_OPENBSD) |
163 struct statfs buf; | 152 struct statfs buf; |
164 if (statfs(database_dir.value().c_str(), &buf) == 0) | 153 if (statfs(database_dir.value().c_str(), &buf) == 0) |
165 db_on_nfs = (strcmp(buf.f_fstypename, MOUNT_NFS) == 0); | 154 db_on_nfs = (strcmp(buf.f_fstypename, MOUNT_NFS) == 0); |
166 #else | 155 #else |
167 NOTIMPLEMENTED(); | 156 NOTIMPLEMENTED(); |
168 #endif | 157 #endif |
169 | 158 |
170 if (db_on_nfs) { | 159 if (db_on_nfs) { |
171 std::unique_ptr<base::Environment> env(base::Environment::Create()); | 160 std::unique_ptr<base::Environment> env(base::Environment::Create()); |
172 static const char kUseCacheEnvVar[] = "NSS_SDB_USE_CACHE"; | 161 static const char kUseCacheEnvVar[] = "NSS_SDB_USE_CACHE"; |
173 if (!env->HasVar(kUseCacheEnvVar)) | 162 if (!env->HasVar(kUseCacheEnvVar)) |
174 env->SetVar(kUseCacheEnvVar, "yes"); | 163 env->SetVar(kUseCacheEnvVar, "yes"); |
175 } | 164 } |
176 } | 165 } |
177 | 166 |
178 #endif // defined(USE_NSS_CERTS) | |
179 | |
180 // A singleton to initialize/deinitialize NSPR. | 167 // A singleton to initialize/deinitialize NSPR. |
181 // Separate from the NSS singleton because we initialize NSPR on the UI thread. | 168 // Separate from the NSS singleton because we initialize NSPR on the UI thread. |
182 // Now that we're leaking the singleton, we could merge back with the NSS | 169 // Now that we're leaking the singleton, we could merge back with the NSS |
183 // singleton. | 170 // singleton. |
184 class NSPRInitSingleton { | 171 class NSPRInitSingleton { |
185 private: | 172 private: |
186 friend struct base::DefaultLazyInstanceTraits<NSPRInitSingleton>; | 173 friend struct base::DefaultLazyInstanceTraits<NSPRInitSingleton>; |
187 | 174 |
188 NSPRInitSingleton() { | 175 NSPRInitSingleton() { |
189 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); | 176 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); |
(...skipping 473 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
663 base::Bind(&NSSInitSingleton::GetSystemNSSKeySlotCallback, | 650 base::Bind(&NSSInitSingleton::GetSystemNSSKeySlotCallback, |
664 base::Unretained(this) /* singleton is leaky */, | 651 base::Unretained(this) /* singleton is leaky */, |
665 callback); | 652 callback); |
666 } | 653 } |
667 if (IsTPMTokenReady(wrapped_callback)) | 654 if (IsTPMTokenReady(wrapped_callback)) |
668 return ScopedPK11Slot(PK11_ReferenceSlot(tpm_slot_.get())); | 655 return ScopedPK11Slot(PK11_ReferenceSlot(tpm_slot_.get())); |
669 return ScopedPK11Slot(); | 656 return ScopedPK11Slot(); |
670 } | 657 } |
671 #endif | 658 #endif |
672 | 659 |
673 #if defined(USE_NSS_CERTS) | |
674 base::Lock* write_lock() { | 660 base::Lock* write_lock() { |
675 return &write_lock_; | 661 return &write_lock_; |
676 } | 662 } |
677 #endif // defined(USE_NSS_CERTS) | |
678 | 663 |
679 private: | 664 private: |
680 friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>; | 665 friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>; |
681 | 666 |
682 NSSInitSingleton() | 667 NSSInitSingleton() |
683 : tpm_token_enabled_for_nss_(false), | 668 : tpm_token_enabled_for_nss_(false), |
684 initializing_tpm_token_(false), | 669 initializing_tpm_token_(false), |
685 chaps_module_(NULL), | 670 chaps_module_(NULL), |
686 root_(NULL) { | 671 root_(NULL) { |
687 // It's safe to construct on any thread, since LazyInstance will prevent any | 672 // It's safe to construct on any thread, since LazyInstance will prevent any |
(...skipping 11 matching lines...) Expand all Loading... |
699 // Also check the run-time NSS version. | 684 // Also check the run-time NSS version. |
700 // NSS_VersionCheck is a >= check, not strict equality. | 685 // NSS_VersionCheck is a >= check, not strict equality. |
701 if (!NSS_VersionCheck("3.14.3")) { | 686 if (!NSS_VersionCheck("3.14.3")) { |
702 LOG(FATAL) << "NSS_VersionCheck(\"3.14.3\") failed. NSS >= 3.14.3 is " | 687 LOG(FATAL) << "NSS_VersionCheck(\"3.14.3\") failed. NSS >= 3.14.3 is " |
703 "required. Please upgrade to the latest NSS, and if you " | 688 "required. Please upgrade to the latest NSS, and if you " |
704 "still get this error, contact your distribution " | 689 "still get this error, contact your distribution " |
705 "maintainer."; | 690 "maintainer."; |
706 } | 691 } |
707 | 692 |
708 SECStatus status = SECFailure; | 693 SECStatus status = SECFailure; |
709 bool nodb_init = false; | 694 base::FilePath database_dir = GetInitialConfigDirectory(); |
| 695 if (!database_dir.empty()) { |
| 696 // This duplicates the work which should have been done in |
| 697 // EarlySetupForNSSInit. However, this function is idempotent so |
| 698 // there's no harm done. |
| 699 UseLocalCacheOfNSSDatabaseIfNFS(database_dir); |
710 | 700 |
711 #if !defined(USE_NSS_CERTS) | 701 // Initialize with a persistent database (likely, ~/.pki/nssdb). |
712 // Use the system certificate store, so initialize NSS without database. | 702 // Use "sql:" which can be shared by multiple processes safely. |
713 nodb_init = true; | 703 std::string nss_config_dir = |
| 704 base::StringPrintf("sql:%s", database_dir.value().c_str()); |
| 705 #if defined(OS_CHROMEOS) |
| 706 status = NSS_Init(nss_config_dir.c_str()); |
| 707 #else |
| 708 status = NSS_InitReadWrite(nss_config_dir.c_str()); |
714 #endif | 709 #endif |
715 | 710 if (status != SECSuccess) { |
716 if (nodb_init) { | 711 LOG(ERROR) << "Error initializing NSS with a persistent " |
| 712 "database (" << nss_config_dir |
| 713 << "): " << GetNSSErrorMessage(); |
| 714 } |
| 715 } |
| 716 if (status != SECSuccess) { |
| 717 VLOG(1) << "Initializing NSS without a persistent database."; |
717 status = NSS_NoDB_Init(NULL); | 718 status = NSS_NoDB_Init(NULL); |
718 if (status != SECSuccess) { | 719 if (status != SECSuccess) { |
719 CrashOnNSSInitFailure(); | 720 CrashOnNSSInitFailure(); |
720 return; | 721 return; |
721 } | 722 } |
722 #if defined(OS_IOS) | 723 } |
723 root_ = InitDefaultRootCerts(); | |
724 #endif // defined(OS_IOS) | |
725 } else { | |
726 #if defined(USE_NSS_CERTS) | |
727 base::FilePath database_dir = GetInitialConfigDirectory(); | |
728 if (!database_dir.empty()) { | |
729 // This duplicates the work which should have been done in | |
730 // EarlySetupForNSSInit. However, this function is idempotent so | |
731 // there's no harm done. | |
732 UseLocalCacheOfNSSDatabaseIfNFS(database_dir); | |
733 | 724 |
734 // Initialize with a persistent database (likely, ~/.pki/nssdb). | 725 PK11_SetPasswordFunc(PKCS11PasswordFunc); |
735 // Use "sql:" which can be shared by multiple processes safely. | |
736 std::string nss_config_dir = | |
737 base::StringPrintf("sql:%s", database_dir.value().c_str()); | |
738 #if defined(OS_CHROMEOS) | |
739 status = NSS_Init(nss_config_dir.c_str()); | |
740 #else | |
741 status = NSS_InitReadWrite(nss_config_dir.c_str()); | |
742 #endif | |
743 if (status != SECSuccess) { | |
744 LOG(ERROR) << "Error initializing NSS with a persistent " | |
745 "database (" << nss_config_dir | |
746 << "): " << GetNSSErrorMessage(); | |
747 } | |
748 } | |
749 if (status != SECSuccess) { | |
750 VLOG(1) << "Initializing NSS without a persistent database."; | |
751 status = NSS_NoDB_Init(NULL); | |
752 if (status != SECSuccess) { | |
753 CrashOnNSSInitFailure(); | |
754 return; | |
755 } | |
756 } | |
757 | 726 |
758 PK11_SetPasswordFunc(PKCS11PasswordFunc); | 727 // If we haven't initialized the password for the NSS databases, |
| 728 // initialize an empty-string password so that we don't need to |
| 729 // log in. |
| 730 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); |
| 731 if (slot) { |
| 732 // PK11_InitPin may write to the keyDB, but no other thread can use NSS |
| 733 // yet, so we don't need to lock. |
| 734 if (PK11_NeedUserInit(slot)) |
| 735 PK11_InitPin(slot, NULL, NULL); |
| 736 PK11_FreeSlot(slot); |
| 737 } |
759 | 738 |
760 // If we haven't initialized the password for the NSS databases, | 739 root_ = InitDefaultRootCerts(); |
761 // initialize an empty-string password so that we don't need to | |
762 // log in. | |
763 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); | |
764 if (slot) { | |
765 // PK11_InitPin may write to the keyDB, but no other thread can use NSS | |
766 // yet, so we don't need to lock. | |
767 if (PK11_NeedUserInit(slot)) | |
768 PK11_InitPin(slot, NULL, NULL); | |
769 PK11_FreeSlot(slot); | |
770 } | |
771 | |
772 root_ = InitDefaultRootCerts(); | |
773 #endif // defined(USE_NSS_CERTS) | |
774 } | |
775 | 740 |
776 // Disable MD5 certificate signatures. (They are disabled by default in | 741 // Disable MD5 certificate signatures. (They are disabled by default in |
777 // NSS 3.14.) | 742 // NSS 3.14.) |
778 NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); | 743 NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); |
779 NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, | 744 NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, |
780 0, NSS_USE_ALG_IN_CERT_SIGNATURE); | 745 0, NSS_USE_ALG_IN_CERT_SIGNATURE); |
781 } | 746 } |
782 | 747 |
783 // NOTE(willchan): We don't actually execute this code since we leak NSS to | 748 // NOTE(willchan): We don't actually execute this code since we leak NSS to |
784 // prevent non-joinable threads from using NSS after it's already been shut | 749 // prevent non-joinable threads from using NSS after it's already been shut |
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
852 typedef std::vector<base::Closure> TPMReadyCallbackList; | 817 typedef std::vector<base::Closure> TPMReadyCallbackList; |
853 TPMReadyCallbackList tpm_ready_callback_list_; | 818 TPMReadyCallbackList tpm_ready_callback_list_; |
854 SECMODModule* chaps_module_; | 819 SECMODModule* chaps_module_; |
855 crypto::ScopedPK11Slot tpm_slot_; | 820 crypto::ScopedPK11Slot tpm_slot_; |
856 SECMODModule* root_; | 821 SECMODModule* root_; |
857 #if defined(OS_CHROMEOS) | 822 #if defined(OS_CHROMEOS) |
858 typedef std::map<std::string, ChromeOSUserData*> ChromeOSUserMap; | 823 typedef std::map<std::string, ChromeOSUserData*> ChromeOSUserMap; |
859 ChromeOSUserMap chromeos_user_map_; | 824 ChromeOSUserMap chromeos_user_map_; |
860 ScopedPK11Slot test_system_slot_; | 825 ScopedPK11Slot test_system_slot_; |
861 #endif | 826 #endif |
862 #if defined(USE_NSS_CERTS) | |
863 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 | 827 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 |
864 // is fixed, we will no longer need the lock. | 828 // is fixed, we will no longer need the lock. |
865 base::Lock write_lock_; | 829 base::Lock write_lock_; |
866 #endif // defined(USE_NSS_CERTS) | |
867 | 830 |
868 base::ThreadChecker thread_checker_; | 831 base::ThreadChecker thread_checker_; |
869 }; | 832 }; |
870 | 833 |
871 base::LazyInstance<NSSInitSingleton>::Leaky | 834 base::LazyInstance<NSSInitSingleton>::Leaky |
872 g_nss_singleton = LAZY_INSTANCE_INITIALIZER; | 835 g_nss_singleton = LAZY_INSTANCE_INITIALIZER; |
873 } // namespace | 836 } // namespace |
874 | 837 |
875 #if defined(USE_NSS_CERTS) | |
876 ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, | 838 ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, |
877 const std::string& description) { | 839 const std::string& description) { |
878 const std::string modspec = | 840 const std::string modspec = |
879 base::StringPrintf("configDir='sql:%s' tokenDescription='%s'", | 841 base::StringPrintf("configDir='sql:%s' tokenDescription='%s'", |
880 path.value().c_str(), | 842 path.value().c_str(), |
881 description.c_str()); | 843 description.c_str()); |
882 PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str()); | 844 PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str()); |
883 if (db_slot) { | 845 if (db_slot) { |
884 if (PK11_NeedUserInit(db_slot)) | 846 if (PK11_NeedUserInit(db_slot)) |
885 PK11_InitPin(db_slot, NULL, NULL); | 847 PK11_InitPin(db_slot, NULL, NULL); |
886 } else { | 848 } else { |
887 LOG(ERROR) << "Error opening persistent database (" << modspec | 849 LOG(ERROR) << "Error opening persistent database (" << modspec |
888 << "): " << GetNSSErrorMessage(); | 850 << "): " << GetNSSErrorMessage(); |
889 } | 851 } |
890 return ScopedPK11Slot(db_slot); | 852 return ScopedPK11Slot(db_slot); |
891 } | 853 } |
892 | 854 |
893 void EarlySetupForNSSInit() { | 855 void EarlySetupForNSSInit() { |
894 base::FilePath database_dir = GetInitialConfigDirectory(); | 856 base::FilePath database_dir = GetInitialConfigDirectory(); |
895 if (!database_dir.empty()) | 857 if (!database_dir.empty()) |
896 UseLocalCacheOfNSSDatabaseIfNFS(database_dir); | 858 UseLocalCacheOfNSSDatabaseIfNFS(database_dir); |
897 } | 859 } |
898 #endif | |
899 | 860 |
900 void EnsureNSPRInit() { | 861 void EnsureNSPRInit() { |
901 g_nspr_singleton.Get(); | 862 g_nspr_singleton.Get(); |
902 } | 863 } |
903 | 864 |
904 void EnsureNSSInit() { | 865 void EnsureNSSInit() { |
905 // Initializing SSL causes us to do blocking IO. | 866 // Initializing SSL causes us to do blocking IO. |
906 // Temporarily allow it until we fix | 867 // Temporarily allow it until we fix |
907 // http://code.google.com/p/chromium/issues/detail?id=59847 | 868 // http://code.google.com/p/chromium/issues/detail?id=59847 |
908 base::ThreadRestrictions::ScopedAllowIO allow_io; | 869 base::ThreadRestrictions::ScopedAllowIO allow_io; |
909 g_nss_singleton.Get(); | 870 g_nss_singleton.Get(); |
910 } | 871 } |
911 | 872 |
912 bool CheckNSSVersion(const char* version) { | 873 bool CheckNSSVersion(const char* version) { |
913 return !!NSS_VersionCheck(version); | 874 return !!NSS_VersionCheck(version); |
914 } | 875 } |
915 | 876 |
916 #if defined(USE_NSS_CERTS) | |
917 base::Lock* GetNSSWriteLock() { | 877 base::Lock* GetNSSWriteLock() { |
918 return g_nss_singleton.Get().write_lock(); | 878 return g_nss_singleton.Get().write_lock(); |
919 } | 879 } |
920 | 880 |
921 AutoNSSWriteLock::AutoNSSWriteLock() : lock_(GetNSSWriteLock()) { | 881 AutoNSSWriteLock::AutoNSSWriteLock() : lock_(GetNSSWriteLock()) { |
922 // May be NULL if the lock is not needed in our version of NSS. | 882 // May be NULL if the lock is not needed in our version of NSS. |
923 if (lock_) | 883 if (lock_) |
924 lock_->Acquire(); | 884 lock_->Acquire(); |
925 } | 885 } |
926 | 886 |
927 AutoNSSWriteLock::~AutoNSSWriteLock() { | 887 AutoNSSWriteLock::~AutoNSSWriteLock() { |
928 if (lock_) { | 888 if (lock_) { |
929 lock_->AssertAcquired(); | 889 lock_->AssertAcquired(); |
930 lock_->Release(); | 890 lock_->Release(); |
931 } | 891 } |
932 } | 892 } |
933 | 893 |
934 AutoSECMODListReadLock::AutoSECMODListReadLock() | 894 AutoSECMODListReadLock::AutoSECMODListReadLock() |
935 : lock_(SECMOD_GetDefaultModuleListLock()) { | 895 : lock_(SECMOD_GetDefaultModuleListLock()) { |
936 SECMOD_GetReadLock(lock_); | 896 SECMOD_GetReadLock(lock_); |
937 } | 897 } |
938 | 898 |
939 AutoSECMODListReadLock::~AutoSECMODListReadLock() { | 899 AutoSECMODListReadLock::~AutoSECMODListReadLock() { |
940 SECMOD_ReleaseReadLock(lock_); | 900 SECMOD_ReleaseReadLock(lock_); |
941 } | 901 } |
942 #endif // defined(USE_NSS_CERTS) | |
943 | 902 |
944 #if defined(OS_CHROMEOS) | 903 #if defined(OS_CHROMEOS) |
945 ScopedPK11Slot GetSystemNSSKeySlot( | 904 ScopedPK11Slot GetSystemNSSKeySlot( |
946 const base::Callback<void(ScopedPK11Slot)>& callback) { | 905 const base::Callback<void(ScopedPK11Slot)>& callback) { |
947 return g_nss_singleton.Get().GetSystemNSSKeySlot(callback); | 906 return g_nss_singleton.Get().GetSystemNSSKeySlot(callback); |
948 } | 907 } |
949 | 908 |
950 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { | 909 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { |
951 g_nss_singleton.Get().SetSystemKeySlotForTesting(std::move(slot)); | 910 g_nss_singleton.Get().SetSystemKeySlotForTesting(std::move(slot)); |
952 } | 911 } |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1022 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); | 981 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); |
1023 } | 982 } |
1024 | 983 |
1025 #if !defined(OS_CHROMEOS) | 984 #if !defined(OS_CHROMEOS) |
1026 PK11SlotInfo* GetPersistentNSSKeySlot() { | 985 PK11SlotInfo* GetPersistentNSSKeySlot() { |
1027 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); | 986 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); |
1028 } | 987 } |
1029 #endif | 988 #endif |
1030 | 989 |
1031 } // namespace crypto | 990 } // namespace crypto |
OLD | NEW |