OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/nss_util.h" | 5 #include "crypto/nss_util.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <plarena.h> | 9 #include <plarena.h> |
10 #include <prerror.h> | 10 #include <prerror.h> |
35 #include "base/base_paths.h" | 35 #include "base/base_paths.h" |
36 #include "base/bind.h" | 36 #include "base/bind.h" |
37 #include "base/cpu.h" | 37 #include "base/cpu.h" |
38 #include "base/debug/alias.h" | 38 #include "base/debug/alias.h" |
39 #include "base/debug/stack_trace.h" | 39 #include "base/debug/stack_trace.h" |
40 #include "base/environment.h" | 40 #include "base/environment.h" |
41 #include "base/files/file_path.h" | 41 #include "base/files/file_path.h" |
42 #include "base/files/file_util.h" | 42 #include "base/files/file_util.h" |
43 #include "base/lazy_instance.h" | 43 #include "base/lazy_instance.h" |
44 #include "base/logging.h" | 44 #include "base/logging.h" |
45 #include "base/memory/ptr_util.h" | |
45 #include "base/native_library.h" | 46 #include "base/native_library.h" |
46 #include "base/path_service.h" | 47 #include "base/path_service.h" |
47 #include "base/stl_util.h" | |
48 #include "base/strings/stringprintf.h" | 48 #include "base/strings/stringprintf.h" |
49 #include "base/synchronization/lock.h" | 49 #include "base/synchronization/lock.h" |
50 #include "base/threading/thread_checker.h" | 50 #include "base/threading/thread_checker.h" |
51 #include "base/threading/thread_restrictions.h" | 51 #include "base/threading/thread_restrictions.h" |
52 #include "base/threading/worker_pool.h" | 52 #include "base/threading/worker_pool.h" |
53 #include "build/build_config.h" | 53 #include "build/build_config.h" |
54 #include "crypto/nss_crypto_module_delegate.h" | 54 #include "crypto/nss_crypto_module_delegate.h" |
55 | 55 |
56 namespace crypto { | 56 namespace crypto { |
57 | 57 |
486 // This user already exists in our mapping. | 486 // This user already exists in our mapping. |
487 DVLOG(2) << username_hash << " already initialized."; | 487 DVLOG(2) << username_hash << " already initialized."; |
488 return false; | 488 return false; |
489 } | 489 } |
490 | 490 |
491 DVLOG(2) << "Opening NSS DB " << path.value(); | 491 DVLOG(2) << "Opening NSS DB " << path.value(); |
492 std::string db_name = base::StringPrintf( | 492 std::string db_name = base::StringPrintf( |
493 "%s %s", kUserNSSDatabaseName, username_hash.c_str()); | 493 "%s %s", kUserNSSDatabaseName, username_hash.c_str()); |
494 ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(db_name, path)); | 494 ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(db_name, path)); |
495 chromeos_user_map_[username_hash] = | 495 chromeos_user_map_[username_hash] = |
496 new ChromeOSUserData(std::move(public_slot)); | 496 base::MakeUnique<ChromeOSUserData>(std::move(public_slot)); |
497 return true; | 497 return true; |
498 } | 498 } |
499 | 499 |
500 bool ShouldInitializeTPMForChromeOSUser(const std::string& username_hash) { | 500 bool ShouldInitializeTPMForChromeOSUser(const std::string& username_hash) { |
501 DCHECK(thread_checker_.CalledOnValidThread()); | 501 DCHECK(thread_checker_.CalledOnValidThread()); |
502 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); | 502 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); |
503 | 503 |
504 return !chromeos_user_map_[username_hash] | 504 return !chromeos_user_map_[username_hash] |
505 ->private_slot_initialization_started(); | 505 ->private_slot_initialization_started(); |
506 } | 506 } |
593 return ScopedPK11Slot(); | 593 return ScopedPK11Slot(); |
594 } | 594 } |
595 | 595 |
596 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); | 596 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); |
597 | 597 |
598 return chromeos_user_map_[username_hash]->GetPrivateSlot(callback); | 598 return chromeos_user_map_[username_hash]->GetPrivateSlot(callback); |
599 } | 599 } |
600 | 600 |
601 void CloseChromeOSUserForTesting(const std::string& username_hash) { | 601 void CloseChromeOSUserForTesting(const std::string& username_hash) { |
602 DCHECK(thread_checker_.CalledOnValidThread()); | 602 DCHECK(thread_checker_.CalledOnValidThread()); |
603 ChromeOSUserMap::iterator i = chromeos_user_map_.find(username_hash); | 603 auto i = chromeos_user_map_.find(username_hash); |
604 DCHECK(i != chromeos_user_map_.end()); | 604 DCHECK(i != chromeos_user_map_.end()); |
605 delete i->second; | |
606 chromeos_user_map_.erase(i); | 605 chromeos_user_map_.erase(i); |
607 } | 606 } |
608 | 607 |
609 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { | 608 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { |
610 // Ensure that a previous value of test_system_slot_ is not overwritten. | 609 // Ensure that a previous value of test_system_slot_ is not overwritten. |
611 // Unsetting, i.e. setting a nullptr, however is allowed. | 610 // Unsetting, i.e. setting a nullptr, however is allowed. |
612 DCHECK(!slot || !test_system_slot_); | 611 DCHECK(!slot || !test_system_slot_); |
613 test_system_slot_ = std::move(slot); | 612 test_system_slot_ = std::move(slot); |
614 if (test_system_slot_) { | 613 if (test_system_slot_) { |
615 tpm_slot_.reset(PK11_ReferenceSlot(test_system_slot_.get())); | 614 tpm_slot_.reset(PK11_ReferenceSlot(test_system_slot_.get())); |
744 // NSS 3.14.) | 743 // NSS 3.14.) |
745 NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); | 744 NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); |
746 NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, | 745 NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, |
747 0, NSS_USE_ALG_IN_CERT_SIGNATURE); | 746 0, NSS_USE_ALG_IN_CERT_SIGNATURE); |
748 } | 747 } |
749 | 748 |
750 // NOTE(willchan): We don't actually execute this code since we leak NSS to | 749 // NOTE(willchan): We don't actually execute this code since we leak NSS to |
751 // prevent non-joinable threads from using NSS after it's already been shut | 750 // prevent non-joinable threads from using NSS after it's already been shut |
752 // down. | 751 // down. |
753 ~NSSInitSingleton() { | 752 ~NSSInitSingleton() { |
754 #if defined(OS_CHROMEOS) | |
755 base::STLDeleteValues(&chromeos_user_map_); | |
davidben
2016/11/03 02:13:48
rsleevi: Is there a requirement to clear chromeos_
Avi (use Gerrit)
2016/11/03 02:17:57
I can totally put
chromeos_user_map_.clear();
ba
davidben
2016/11/03 02:20:29
Yeah. I figure we may as well see if Ryan knows de
Ryan Sleevi
2016/11/03 03:06:41
We'll never hit this, and with the move to make Si
| |
756 #endif | |
757 tpm_slot_.reset(); | 753 tpm_slot_.reset(); |
758 if (root_) { | 754 if (root_) { |
759 SECMOD_UnloadUserModule(root_); | 755 SECMOD_UnloadUserModule(root_); |
760 SECMOD_DestroyModule(root_); | 756 SECMOD_DestroyModule(root_); |
761 root_ = nullptr; | 757 root_ = nullptr; |
762 } | 758 } |
763 if (chaps_module_) { | 759 if (chaps_module_) { |
764 SECMOD_UnloadUserModule(chaps_module_); | 760 SECMOD_UnloadUserModule(chaps_module_); |
765 SECMOD_DestroyModule(chaps_module_); | 761 SECMOD_DestroyModule(chaps_module_); |
766 chaps_module_ = nullptr; | 762 chaps_module_ = nullptr; |
815 } | 811 } |
816 | 812 |
817 bool tpm_token_enabled_for_nss_; | 813 bool tpm_token_enabled_for_nss_; |
818 bool initializing_tpm_token_; | 814 bool initializing_tpm_token_; |
819 typedef std::vector<base::Closure> TPMReadyCallbackList; | 815 typedef std::vector<base::Closure> TPMReadyCallbackList; |
820 TPMReadyCallbackList tpm_ready_callback_list_; | 816 TPMReadyCallbackList tpm_ready_callback_list_; |
821 SECMODModule* chaps_module_; | 817 SECMODModule* chaps_module_; |
822 crypto::ScopedPK11Slot tpm_slot_; | 818 crypto::ScopedPK11Slot tpm_slot_; |
823 SECMODModule* root_; | 819 SECMODModule* root_; |
824 #if defined(OS_CHROMEOS) | 820 #if defined(OS_CHROMEOS) |
825 typedef std::map<std::string, ChromeOSUserData*> ChromeOSUserMap; | 821 std::map<std::string, std::unique_ptr<ChromeOSUserData>> chromeos_user_map_; |
826 ChromeOSUserMap chromeos_user_map_; | |
827 ScopedPK11Slot test_system_slot_; | 822 ScopedPK11Slot test_system_slot_; |
828 #endif | 823 #endif |
829 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 | 824 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 |
830 // is fixed, we will no longer need the lock. | 825 // is fixed, we will no longer need the lock. |
831 base::Lock write_lock_; | 826 base::Lock write_lock_; |
832 | 827 |
833 base::ThreadChecker thread_checker_; | 828 base::ThreadChecker thread_checker_; |
834 }; | 829 }; |
835 | 830 |
836 base::LazyInstance<NSSInitSingleton>::Leaky | 831 base::LazyInstance<NSSInitSingleton>::Leaky |
983 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); | 978 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); |
984 } | 979 } |
985 | 980 |
986 #if !defined(OS_CHROMEOS) | 981 #if !defined(OS_CHROMEOS) |
987 PK11SlotInfo* GetPersistentNSSKeySlot() { | 982 PK11SlotInfo* GetPersistentNSSKeySlot() { |
988 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); | 983 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); |
989 } | 984 } |
990 #endif | 985 #endif |
991 | 986 |
992 } // namespace crypto | 987 } // namespace crypto |
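Review bot: `ShouldInitializeTPMForChromeOSUser` (new line 504) and the `GetPrivateSlot` return at new line 598 still index `chromeos_user_map_[username_hash]` behind nothing but a DCHECK, so in a build where DCHECKs are compiled out an unknown hash makes `operator[]` insert an empty `std::unique_ptr<ChromeOSUserData>` and the following `->` dereferences null. Since this change already touches the map's value type, I would reuse the iterator from `find()` and fail closed on a miss: `auto it = chromeos_user_map_.find(username_hash);`, `if (it == chromeos_user_map_.end()) return false;`, `return !it->second->private_slot_initialization_started();`, with the line-598 site returning an empty `ScopedPK11Slot()` as the visible branch at new line 593 does. That also drops the second map lookup. The function around new line 598 begins in the skipped lines, so whether every caller guarantees the hash is already registered cannot be confirmed from here.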