Chromium Code Reviews Chromium Code Reviews
Issue 11411013:
Initialize NSS in the PPAPI process for ClearKey CDM. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CRYPTO_NSS_UTIL_H_ | 5 #ifndef CRYPTO_NSS_UTIL_H_ |
| 6 #define CRYPTO_NSS_UTIL_H_ | 6 #define CRYPTO_NSS_UTIL_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "crypto/crypto_export.h" | 10 #include "crypto/crypto_export.h" |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 29 // EarlySetupForNSSInit performs lightweight setup which must occur before the | 29 // EarlySetupForNSSInit performs lightweight setup which must occur before the |
| 30 // process goes multithreaded. This does not initialise NSS. For test, see | 30 // process goes multithreaded. This does not initialise NSS. For test, see |
| 31 // EnsureNSSInit. | 31 // EnsureNSSInit. |
| 32 CRYPTO_EXPORT void EarlySetupForNSSInit(); | 32 CRYPTO_EXPORT void EarlySetupForNSSInit(); |
| 33 #endif | 33 #endif |
| 34 | 34 |
| 35 // Initialize NRPR if it isn't already initialized. This function is | 35 // Initialize NRPR if it isn't already initialized. This function is |
| 36 // thread-safe, and NSPR will only ever be initialized once. | 36 // thread-safe, and NSPR will only ever be initialized once. |
| 37 CRYPTO_EXPORT void EnsureNSPRInit(); | 37 CRYPTO_EXPORT void EnsureNSPRInit(); |
| 38 | 38 |
| 39 // Initialize NSS safely for strict sandboxing. This function makes sure that | |
| 40 // NSS is initialized safely and will have proper entropy in a restricted, | |
| 41 // sandboxed environment. | |
|
jln (very slow on Chromium)
2012/11/15 23:22:18
I would maybe add a comment here along the lines o
Jorge Lucangeli Obes
2012/11/15 23:52:44
Done.
| |
| 42 CRYPTO_EXPORT void WarmUpNSSSafely(); | |
| 43 | |
| 39 // Initialize NSS if it isn't already initialized. This must be called before | 44 // Initialize NSS if it isn't already initialized. This must be called before |
| 40 // any other NSS functions. This function is thread-safe, and NSS will only | 45 // any other NSS functions. This function is thread-safe, and NSS will only |
| 41 // ever be initialized once. | 46 // ever be initialized once. |
| 42 CRYPTO_EXPORT void EnsureNSSInit(); | 47 CRYPTO_EXPORT void EnsureNSSInit(); |
| 43 | 48 |
| 44 // Call this before calling EnsureNSSInit() will force NSS to initialize | 49 // Call this before calling EnsureNSSInit() will force NSS to initialize |
| 45 // without a persistent DB. This is used for the special case where access of | 50 // without a persistent DB. This is used for the special case where access of |
| 46 // persistent DB is prohibited. | 51 // persistent DB is prohibited. |
| 47 // | 52 // |
| 48 // TODO(hclam): Isolate loading default root certs. | 53 // TODO(hclam): Isolate loading default root certs. |
| 49 // | 54 // |
| 50 // NSS will be initialized without loading any user security modules, including | 55 // NSS will be initialized without loading any user security modules, including |
| 51 // the built-in root certificates module. User security modules need to be | 56 // the built-in root certificates module. User security modules need to be |
| 52 // loaded manually after NSS initialization. | 57 // loaded manually after NSS initialization. |
| 53 // | 58 // |
| 54 // If EnsureNSSInit() is called before then this function has no effect. | 59 // If EnsureNSSInit() is called before then this function has no effect. |
| 55 // | 60 // |
| 56 // Calling this method only has effect on Linux. | 61 // Calling this method only has effect on Linux. |
| 57 // | 62 // |
| 58 // WARNING: Use this with caution. | 63 // WARNING: Use this with caution. |
| 59 CRYPTO_EXPORT void ForceNSSNoDBInit(); | 64 CRYPTO_EXPORT void ForceNSSNoDBInit(); |
| 60 | 65 |
| 61 // This methods is used to disable checks in NSS when used in a forked process. | 66 // This method is used to disable checks in NSS when used in a forked process. |
| 62 // NSS checks whether it is running a forked process to avoid problems when | 67 // NSS checks whether it is running a forked process to avoid problems when |
| 63 // using user security modules in a forked process. However if we are sure | 68 // using user security modules in a forked process. However if we are sure |
| 64 // there are no modules loaded before the process is forked then there is no | 69 // there are no modules loaded before the process is forked then there is no |
| 65 // harm disabling the check. | 70 // harm disabling the check. |
| 66 // | 71 // |
| 67 // This method must be called before EnsureNSSInit() to take effect. | 72 // This method must be called before EnsureNSSInit() to take effect. |
| 68 // | 73 // |
| 69 // WARNING: Use this with caution. | 74 // WARNING: Use this with caution. |
| 70 CRYPTO_EXPORT void DisableNSSForkCheck(); | 75 CRYPTO_EXPORT void DisableNSSForkCheck(); |
| 71 | 76 |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 163 private: | 168 private: |
| 164 base::Lock *lock_; | 169 base::Lock *lock_; |
| 165 DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); | 170 DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); |
| 166 }; | 171 }; |
| 167 | 172 |
| 168 #endif // defined(USE_NSS) | 173 #endif // defined(USE_NSS) |
| 169 | 174 |
| 170 } // namespace crypto | 175 } // namespace crypto |
| 171 | 176 |
| 172 #endif // CRYPTO_NSS_UTIL_H_ | 177 #endif // CRYPTO_NSS_UTIL_H_ |
| OLD | NEW |
