OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/nss_util.h" | 5 #include "crypto/nss_util.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <plarena.h> | 9 #include <plarena.h> |
10 #include <prerror.h> | 10 #include <prerror.h> |
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
119 // CryptoModuleBlockingPasswordDelegate object. | 119 // CryptoModuleBlockingPasswordDelegate object. |
120 char* PKCS11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) { | 120 char* PKCS11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) { |
121 crypto::CryptoModuleBlockingPasswordDelegate* delegate = | 121 crypto::CryptoModuleBlockingPasswordDelegate* delegate = |
122 reinterpret_cast<crypto::CryptoModuleBlockingPasswordDelegate*>(arg); | 122 reinterpret_cast<crypto::CryptoModuleBlockingPasswordDelegate*>(arg); |
123 if (delegate) { | 123 if (delegate) { |
124 bool cancelled = false; | 124 bool cancelled = false; |
125 std::string password = delegate->RequestPassword(PK11_GetTokenName(slot), | 125 std::string password = delegate->RequestPassword(PK11_GetTokenName(slot), |
126 retry != PR_FALSE, | 126 retry != PR_FALSE, |
127 &cancelled); | 127 &cancelled); |
128 if (cancelled) | 128 if (cancelled) |
129 return NULL; | 129 return nullptr; |
130 char* result = PORT_Strdup(password.c_str()); | 130 char* result = PORT_Strdup(password.c_str()); |
131 password.replace(0, password.size(), password.size(), 0); | 131 password.replace(0, password.size(), password.size(), 0); |
132 return result; | 132 return result; |
133 } | 133 } |
134 DLOG(ERROR) << "PK11 password requested with NULL arg"; | 134 DLOG(ERROR) << "PK11 password requested with nullptr arg"; |
135 return NULL; | 135 return nullptr; |
136 } | 136 } |
137 | 137 |
138 // NSS creates a local cache of the sqlite database if it detects that the | 138 // NSS creates a local cache of the sqlite database if it detects that the |
139 // filesystem the database is on is much slower than the local disk. The | 139 // filesystem the database is on is much slower than the local disk. The |
140 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 | 140 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 |
141 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set | 141 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set |
142 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's | 142 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's |
143 // detection when database_dir is on NFS. See http://crbug.com/48585. | 143 // detection when database_dir is on NFS. See http://crbug.com/48585. |
144 // | 144 // |
145 // Because this function sets an environment variable it must be run before we | 145 // Because this function sets an environment variable it must be run before we |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
211 private_slot_initialization_started_(false) {} | 211 private_slot_initialization_started_(false) {} |
212 ~ChromeOSUserData() { | 212 ~ChromeOSUserData() { |
213 if (public_slot_) { | 213 if (public_slot_) { |
214 SECStatus status = SECMOD_CloseUserDB(public_slot_.get()); | 214 SECStatus status = SECMOD_CloseUserDB(public_slot_.get()); |
215 if (status != SECSuccess) | 215 if (status != SECSuccess) |
216 PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); | 216 PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); |
217 } | 217 } |
218 } | 218 } |
219 | 219 |
220 ScopedPK11Slot GetPublicSlot() { | 220 ScopedPK11Slot GetPublicSlot() { |
221 return ScopedPK11Slot( | 221 return ScopedPK11Slot(public_slot_ ? PK11_ReferenceSlot(public_slot_.get()) |
222 public_slot_ ? PK11_ReferenceSlot(public_slot_.get()) : NULL); | 222 : nullptr); |
223 } | 223 } |
224 | 224 |
225 ScopedPK11Slot GetPrivateSlot( | 225 ScopedPK11Slot GetPrivateSlot( |
226 const base::Callback<void(ScopedPK11Slot)>& callback) { | 226 const base::Callback<void(ScopedPK11Slot)>& callback) { |
227 if (private_slot_) | 227 if (private_slot_) |
228 return ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get())); | 228 return ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get())); |
229 if (!callback.is_null()) | 229 if (!callback.is_null()) |
230 tpm_ready_callback_list_.push_back(callback); | 230 tpm_ready_callback_list_.push_back(callback); |
231 return ScopedPK11Slot(); | 231 return ScopedPK11Slot(); |
232 } | 232 } |
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
346 DCHECK(!initializing_tpm_token_); | 346 DCHECK(!initializing_tpm_token_); |
347 // If EnableTPMTokenForNSS hasn't been called, return false. | 347 // If EnableTPMTokenForNSS hasn't been called, return false. |
348 if (!tpm_token_enabled_for_nss_) { | 348 if (!tpm_token_enabled_for_nss_) { |
349 base::ThreadTaskRunnerHandle::Get()->PostTask( | 349 base::ThreadTaskRunnerHandle::Get()->PostTask( |
350 FROM_HERE, base::Bind(callback, false)); | 350 FROM_HERE, base::Bind(callback, false)); |
351 return; | 351 return; |
352 } | 352 } |
353 | 353 |
354 // If everything is already initialized, then return true. | 354 // If everything is already initialized, then return true. |
355 // Note that only |tpm_slot_| is checked, since |chaps_module_| could be | 355 // Note that only |tpm_slot_| is checked, since |chaps_module_| could be |
356 // NULL in tests while |tpm_slot_| has been set to the test DB. | 356 // nullptr in tests while |tpm_slot_| has been set to the test DB. |
357 if (tpm_slot_) { | 357 if (tpm_slot_) { |
358 base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, | 358 base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, |
359 base::Bind(callback, true)); | 359 base::Bind(callback, true)); |
360 return; | 360 return; |
361 } | 361 } |
362 | 362 |
363 // Note that a reference is not taken to chaps_module_. This is safe since | 363 // Note that a reference is not taken to chaps_module_. This is safe since |
364 // NSSInitSingleton is Leaky, so the reference it holds is never released. | 364 // NSSInitSingleton is Leaky, so the reference it holds is never released. |
365 std::unique_ptr<TPMModuleAndSlot> tpm_args( | 365 std::unique_ptr<TPMModuleAndSlot> tpm_args( |
366 new TPMModuleAndSlot(chaps_module_)); | 366 new TPMModuleAndSlot(chaps_module_)); |
(...skipping 234 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
601 void CloseChromeOSUserForTesting(const std::string& username_hash) { | 601 void CloseChromeOSUserForTesting(const std::string& username_hash) { |
602 DCHECK(thread_checker_.CalledOnValidThread()); | 602 DCHECK(thread_checker_.CalledOnValidThread()); |
603 ChromeOSUserMap::iterator i = chromeos_user_map_.find(username_hash); | 603 ChromeOSUserMap::iterator i = chromeos_user_map_.find(username_hash); |
604 DCHECK(i != chromeos_user_map_.end()); | 604 DCHECK(i != chromeos_user_map_.end()); |
605 delete i->second; | 605 delete i->second; |
606 chromeos_user_map_.erase(i); | 606 chromeos_user_map_.erase(i); |
607 } | 607 } |
608 | 608 |
609 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { | 609 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { |
610 // Ensure that a previous value of test_system_slot_ is not overwritten. | 610 // Ensure that a previous value of test_system_slot_ is not overwritten. |
611 // Unsetting, i.e. setting a NULL, however is allowed. | 611 // Unsetting, i.e. setting a nullptr, however is allowed. |
612 DCHECK(!slot || !test_system_slot_); | 612 DCHECK(!slot || !test_system_slot_); |
613 test_system_slot_ = std::move(slot); | 613 test_system_slot_ = std::move(slot); |
614 if (test_system_slot_) { | 614 if (test_system_slot_) { |
615 tpm_slot_.reset(PK11_ReferenceSlot(test_system_slot_.get())); | 615 tpm_slot_.reset(PK11_ReferenceSlot(test_system_slot_.get())); |
616 RunAndClearTPMReadyCallbackList(); | 616 RunAndClearTPMReadyCallbackList(); |
617 } else { | 617 } else { |
618 tpm_slot_.reset(); | 618 tpm_slot_.reset(); |
619 } | 619 } |
620 } | 620 } |
621 #endif // defined(OS_CHROMEOS) | 621 #endif // defined(OS_CHROMEOS) |
(...skipping 15 matching lines...) Expand all Loading... |
637 const base::Callback<void(ScopedPK11Slot)>& callback) { | 637 const base::Callback<void(ScopedPK11Slot)>& callback) { |
638 callback.Run(ScopedPK11Slot(PK11_ReferenceSlot(tpm_slot_.get()))); | 638 callback.Run(ScopedPK11Slot(PK11_ReferenceSlot(tpm_slot_.get()))); |
639 } | 639 } |
640 | 640 |
641 ScopedPK11Slot GetSystemNSSKeySlot( | 641 ScopedPK11Slot GetSystemNSSKeySlot( |
642 const base::Callback<void(ScopedPK11Slot)>& callback) { | 642 const base::Callback<void(ScopedPK11Slot)>& callback) { |
643 DCHECK(thread_checker_.CalledOnValidThread()); | 643 DCHECK(thread_checker_.CalledOnValidThread()); |
644 // TODO(mattm): chromeos::TPMTokenloader always calls | 644 // TODO(mattm): chromeos::TPMTokenloader always calls |
645 // InitializeTPMTokenAndSystemSlot with slot 0. If the system slot is | 645 // InitializeTPMTokenAndSystemSlot with slot 0. If the system slot is |
646 // disabled, tpm_slot_ will be the first user's slot instead. Can that be | 646 // disabled, tpm_slot_ will be the first user's slot instead. Can that be |
647 // detected and return NULL instead? | 647 // detected and return nullptr instead? |
648 | 648 |
649 base::Closure wrapped_callback; | 649 base::Closure wrapped_callback; |
650 if (!callback.is_null()) { | 650 if (!callback.is_null()) { |
651 wrapped_callback = | 651 wrapped_callback = |
652 base::Bind(&NSSInitSingleton::GetSystemNSSKeySlotCallback, | 652 base::Bind(&NSSInitSingleton::GetSystemNSSKeySlotCallback, |
653 base::Unretained(this) /* singleton is leaky */, | 653 base::Unretained(this) /* singleton is leaky */, |
654 callback); | 654 callback); |
655 } | 655 } |
656 if (IsTPMTokenReady(wrapped_callback)) | 656 if (IsTPMTokenReady(wrapped_callback)) |
657 return ScopedPK11Slot(PK11_ReferenceSlot(tpm_slot_.get())); | 657 return ScopedPK11Slot(PK11_ReferenceSlot(tpm_slot_.get())); |
658 return ScopedPK11Slot(); | 658 return ScopedPK11Slot(); |
659 } | 659 } |
660 #endif | 660 #endif |
661 | 661 |
662 base::Lock* write_lock() { | 662 base::Lock* write_lock() { |
663 return &write_lock_; | 663 return &write_lock_; |
664 } | 664 } |
665 | 665 |
666 private: | 666 private: |
667 friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>; | 667 friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>; |
668 | 668 |
669 NSSInitSingleton() | 669 NSSInitSingleton() |
670 : tpm_token_enabled_for_nss_(false), | 670 : tpm_token_enabled_for_nss_(false), |
671 initializing_tpm_token_(false), | 671 initializing_tpm_token_(false), |
672 chaps_module_(NULL), | 672 chaps_module_(nullptr), |
673 root_(NULL) { | 673 root_(nullptr) { |
674 // It's safe to construct on any thread, since LazyInstance will prevent any | 674 // It's safe to construct on any thread, since LazyInstance will prevent any |
675 // other threads from accessing until the constructor is done. | 675 // other threads from accessing until the constructor is done. |
676 thread_checker_.DetachFromThread(); | 676 thread_checker_.DetachFromThread(); |
677 | 677 |
678 EnsureNSPRInit(); | 678 EnsureNSPRInit(); |
679 | 679 |
680 // We *must* have NSS >= 3.14.3. | 680 // We *must* have NSS >= 3.14.3. |
681 static_assert( | 681 static_assert( |
682 (NSS_VMAJOR == 3 && NSS_VMINOR == 14 && NSS_VPATCH >= 3) || | 682 (NSS_VMAJOR == 3 && NSS_VMINOR == 14 && NSS_VPATCH >= 3) || |
683 (NSS_VMAJOR == 3 && NSS_VMINOR > 14) || | 683 (NSS_VMAJOR == 3 && NSS_VMINOR > 14) || |
(...skipping 26 matching lines...) Expand all Loading... |
710 status = NSS_InitReadWrite(nss_config_dir.c_str()); | 710 status = NSS_InitReadWrite(nss_config_dir.c_str()); |
711 #endif | 711 #endif |
712 if (status != SECSuccess) { | 712 if (status != SECSuccess) { |
713 LOG(ERROR) << "Error initializing NSS with a persistent " | 713 LOG(ERROR) << "Error initializing NSS with a persistent " |
714 "database (" << nss_config_dir | 714 "database (" << nss_config_dir |
715 << "): " << GetNSSErrorMessage(); | 715 << "): " << GetNSSErrorMessage(); |
716 } | 716 } |
717 } | 717 } |
718 if (status != SECSuccess) { | 718 if (status != SECSuccess) { |
719 VLOG(1) << "Initializing NSS without a persistent database."; | 719 VLOG(1) << "Initializing NSS without a persistent database."; |
720 status = NSS_NoDB_Init(NULL); | 720 status = NSS_NoDB_Init(nullptr); |
721 if (status != SECSuccess) { | 721 if (status != SECSuccess) { |
722 CrashOnNSSInitFailure(); | 722 CrashOnNSSInitFailure(); |
723 return; | 723 return; |
724 } | 724 } |
725 } | 725 } |
726 | 726 |
727 PK11_SetPasswordFunc(PKCS11PasswordFunc); | 727 PK11_SetPasswordFunc(PKCS11PasswordFunc); |
728 | 728 |
729 // If we haven't initialized the password for the NSS databases, | 729 // If we haven't initialized the password for the NSS databases, |
730 // initialize an empty-string password so that we don't need to | 730 // initialize an empty-string password so that we don't need to |
731 // log in. | 731 // log in. |
732 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); | 732 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); |
733 if (slot) { | 733 if (slot) { |
734 // PK11_InitPin may write to the keyDB, but no other thread can use NSS | 734 // PK11_InitPin may write to the keyDB, but no other thread can use NSS |
735 // yet, so we don't need to lock. | 735 // yet, so we don't need to lock. |
736 if (PK11_NeedUserInit(slot)) | 736 if (PK11_NeedUserInit(slot)) |
737 PK11_InitPin(slot, NULL, NULL); | 737 PK11_InitPin(slot, nullptr, nullptr); |
738 PK11_FreeSlot(slot); | 738 PK11_FreeSlot(slot); |
739 } | 739 } |
740 | 740 |
741 root_ = InitDefaultRootCerts(); | 741 root_ = InitDefaultRootCerts(); |
742 | 742 |
743 // Disable MD5 certificate signatures. (They are disabled by default in | 743 // Disable MD5 certificate signatures. (They are disabled by default in |
744 // NSS 3.14.) | 744 // NSS 3.14.) |
745 NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); | 745 NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); |
746 NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, | 746 NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, |
747 0, NSS_USE_ALG_IN_CERT_SIGNATURE); | 747 0, NSS_USE_ALG_IN_CERT_SIGNATURE); |
748 } | 748 } |
749 | 749 |
750 // NOTE(willchan): We don't actually execute this code since we leak NSS to | 750 // NOTE(willchan): We don't actually execute this code since we leak NSS to |
751 // prevent non-joinable threads from using NSS after it's already been shut | 751 // prevent non-joinable threads from using NSS after it's already been shut |
752 // down. | 752 // down. |
753 ~NSSInitSingleton() { | 753 ~NSSInitSingleton() { |
754 #if defined(OS_CHROMEOS) | 754 #if defined(OS_CHROMEOS) |
755 STLDeleteValues(&chromeos_user_map_); | 755 STLDeleteValues(&chromeos_user_map_); |
756 #endif | 756 #endif |
757 tpm_slot_.reset(); | 757 tpm_slot_.reset(); |
758 if (root_) { | 758 if (root_) { |
759 SECMOD_UnloadUserModule(root_); | 759 SECMOD_UnloadUserModule(root_); |
760 SECMOD_DestroyModule(root_); | 760 SECMOD_DestroyModule(root_); |
761 root_ = NULL; | 761 root_ = nullptr; |
762 } | 762 } |
763 if (chaps_module_) { | 763 if (chaps_module_) { |
764 SECMOD_UnloadUserModule(chaps_module_); | 764 SECMOD_UnloadUserModule(chaps_module_); |
765 SECMOD_DestroyModule(chaps_module_); | 765 SECMOD_DestroyModule(chaps_module_); |
766 chaps_module_ = NULL; | 766 chaps_module_ = nullptr; |
767 } | 767 } |
768 | 768 |
769 SECStatus status = NSS_Shutdown(); | 769 SECStatus status = NSS_Shutdown(); |
770 if (status != SECSuccess) { | 770 if (status != SECSuccess) { |
771 // We VLOG(1) because this failure is relatively harmless (leaking, but | 771 // We VLOG(1) because this failure is relatively harmless (leaking, but |
772 // we're shutting down anyway). | 772 // we're shutting down anyway). |
773 VLOG(1) << "NSS_Shutdown failed; see http://crbug.com/4609"; | 773 VLOG(1) << "NSS_Shutdown failed; see http://crbug.com/4609"; |
774 } | 774 } |
775 } | 775 } |
776 | 776 |
777 // Load nss's built-in root certs. | 777 // Load nss's built-in root certs. |
778 SECMODModule* InitDefaultRootCerts() { | 778 SECMODModule* InitDefaultRootCerts() { |
779 SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", NULL); | 779 SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", nullptr); |
780 if (root) | 780 if (root) |
781 return root; | 781 return root; |
782 | 782 |
783 // Aw, snap. Can't find/load root cert shared library. | 783 // Aw, snap. Can't find/load root cert shared library. |
784 // This will make it hard to talk to anybody via https. | 784 // This will make it hard to talk to anybody via https. |
785 // TODO(mattm): Re-add the NOTREACHED here when crbug.com/310972 is fixed. | 785 // TODO(mattm): Re-add the NOTREACHED here when crbug.com/310972 is fixed. |
786 return NULL; | 786 return nullptr; |
787 } | 787 } |
788 | 788 |
789 // Load the given module for this NSS session. | 789 // Load the given module for this NSS session. |
790 static SECMODModule* LoadModule(const char* name, | 790 static SECMODModule* LoadModule(const char* name, |
791 const char* library_path, | 791 const char* library_path, |
792 const char* params) { | 792 const char* params) { |
793 std::string modparams = base::StringPrintf( | 793 std::string modparams = base::StringPrintf( |
794 "name=\"%s\" library=\"%s\" %s", | 794 "name=\"%s\" library=\"%s\" %s", |
795 name, library_path, params ? params : ""); | 795 name, library_path, params ? params : ""); |
796 | 796 |
797 // Shouldn't need to const_cast here, but SECMOD doesn't properly | 797 // Shouldn't need to const_cast here, but SECMOD doesn't properly |
798 // declare input string arguments as const. Bug | 798 // declare input string arguments as const. Bug |
799 // https://bugzilla.mozilla.org/show_bug.cgi?id=642546 was filed | 799 // https://bugzilla.mozilla.org/show_bug.cgi?id=642546 was filed |
800 // on NSS codebase to address this. | 800 // on NSS codebase to address this. |
801 SECMODModule* module = SECMOD_LoadUserModule( | 801 SECMODModule* module = SECMOD_LoadUserModule( |
802 const_cast<char*>(modparams.c_str()), NULL, PR_FALSE); | 802 const_cast<char*>(modparams.c_str()), nullptr, PR_FALSE); |
803 if (!module) { | 803 if (!module) { |
804 LOG(ERROR) << "Error loading " << name << " module into NSS: " | 804 LOG(ERROR) << "Error loading " << name << " module into NSS: " |
805 << GetNSSErrorMessage(); | 805 << GetNSSErrorMessage(); |
806 return NULL; | 806 return nullptr; |
807 } | 807 } |
808 if (!module->loaded) { | 808 if (!module->loaded) { |
809 LOG(ERROR) << "After loading " << name << ", loaded==false: " | 809 LOG(ERROR) << "After loading " << name << ", loaded==false: " |
810 << GetNSSErrorMessage(); | 810 << GetNSSErrorMessage(); |
811 SECMOD_DestroyModule(module); | 811 SECMOD_DestroyModule(module); |
812 return NULL; | 812 return nullptr; |
813 } | 813 } |
814 return module; | 814 return module; |
815 } | 815 } |
816 | 816 |
817 bool tpm_token_enabled_for_nss_; | 817 bool tpm_token_enabled_for_nss_; |
818 bool initializing_tpm_token_; | 818 bool initializing_tpm_token_; |
819 typedef std::vector<base::Closure> TPMReadyCallbackList; | 819 typedef std::vector<base::Closure> TPMReadyCallbackList; |
820 TPMReadyCallbackList tpm_ready_callback_list_; | 820 TPMReadyCallbackList tpm_ready_callback_list_; |
821 SECMODModule* chaps_module_; | 821 SECMODModule* chaps_module_; |
822 crypto::ScopedPK11Slot tpm_slot_; | 822 crypto::ScopedPK11Slot tpm_slot_; |
(...skipping 16 matching lines...) Expand all Loading... |
839 | 839 |
840 ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, | 840 ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, |
841 const std::string& description) { | 841 const std::string& description) { |
842 const std::string modspec = | 842 const std::string modspec = |
843 base::StringPrintf("configDir='sql:%s' tokenDescription='%s'", | 843 base::StringPrintf("configDir='sql:%s' tokenDescription='%s'", |
844 path.value().c_str(), | 844 path.value().c_str(), |
845 description.c_str()); | 845 description.c_str()); |
846 PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str()); | 846 PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str()); |
847 if (db_slot) { | 847 if (db_slot) { |
848 if (PK11_NeedUserInit(db_slot)) | 848 if (PK11_NeedUserInit(db_slot)) |
849 PK11_InitPin(db_slot, NULL, NULL); | 849 PK11_InitPin(db_slot, nullptr, nullptr); |
850 } else { | 850 } else { |
851 LOG(ERROR) << "Error opening persistent database (" << modspec | 851 LOG(ERROR) << "Error opening persistent database (" << modspec |
852 << "): " << GetNSSErrorMessage(); | 852 << "): " << GetNSSErrorMessage(); |
853 } | 853 } |
854 return ScopedPK11Slot(db_slot); | 854 return ScopedPK11Slot(db_slot); |
855 } | 855 } |
856 | 856 |
857 void EarlySetupForNSSInit() { | 857 void EarlySetupForNSSInit() { |
858 base::FilePath database_dir = GetInitialConfigDirectory(); | 858 base::FilePath database_dir = GetInitialConfigDirectory(); |
859 if (!database_dir.empty()) | 859 if (!database_dir.empty()) |
(...skipping 14 matching lines...) Expand all Loading... |
874 | 874 |
875 bool CheckNSSVersion(const char* version) { | 875 bool CheckNSSVersion(const char* version) { |
876 return !!NSS_VersionCheck(version); | 876 return !!NSS_VersionCheck(version); |
877 } | 877 } |
878 | 878 |
879 base::Lock* GetNSSWriteLock() { | 879 base::Lock* GetNSSWriteLock() { |
880 return g_nss_singleton.Get().write_lock(); | 880 return g_nss_singleton.Get().write_lock(); |
881 } | 881 } |
882 | 882 |
883 AutoNSSWriteLock::AutoNSSWriteLock() : lock_(GetNSSWriteLock()) { | 883 AutoNSSWriteLock::AutoNSSWriteLock() : lock_(GetNSSWriteLock()) { |
884 // May be NULL if the lock is not needed in our version of NSS. | 884 // May be nullptr if the lock is not needed in our version of NSS. |
885 if (lock_) | 885 if (lock_) |
886 lock_->Acquire(); | 886 lock_->Acquire(); |
887 } | 887 } |
888 | 888 |
889 AutoNSSWriteLock::~AutoNSSWriteLock() { | 889 AutoNSSWriteLock::~AutoNSSWriteLock() { |
890 if (lock_) { | 890 if (lock_) { |
891 lock_->AssertAcquired(); | 891 lock_->AssertAcquired(); |
892 lock_->Release(); | 892 lock_->Release(); |
893 } | 893 } |
894 } | 894 } |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
983 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); | 983 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); |
984 } | 984 } |
985 | 985 |
986 #if !defined(OS_CHROMEOS) | 986 #if !defined(OS_CHROMEOS) |
987 PK11SlotInfo* GetPersistentNSSKeySlot() { | 987 PK11SlotInfo* GetPersistentNSSKeySlot() { |
988 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); | 988 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); |
989 } | 989 } |
990 #endif | 990 #endif |
991 | 991 |
992 } // namespace crypto | 992 } // namespace crypto |
OLD | NEW |