
Side by Side Diff: crypto/nss_util.cc

Issue 9969132: This moves nss_util back to using the options (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 8 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "crypto/nss_util.h" 5 #include "crypto/nss_util.h"
6 #include "crypto/nss_util_internal.h" 6 #include "crypto/nss_util_internal.h"
7 7
8 #include <nss.h> 8 #include <nss.h>
9 #include <plarena.h> 9 #include <plarena.h>
10 #include <prerror.h> 10 #include <prerror.h>
(...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after
190 if (PK11_GetTokenName(slot) == token_name) 190 if (PK11_GetTokenName(slot) == token_name)
191 return PK11_ReferenceSlot(slot); 191 return PK11_ReferenceSlot(slot);
192 } 192 }
193 } 193 }
194 return NULL; 194 return NULL;
195 } 195 }
196 196
197 #endif // defined(USE_NSS) 197 #endif // defined(USE_NSS)
198 198
199 #if defined(OS_CHROMEOS) 199 #if defined(OS_CHROMEOS)
200 void LogSlotInfo() { 200 void LogSlotInfo() {
Greg Spencer (Chromium) 2012/04/03 22:25:21 I'm going to remove this entire function.
201 AutoSECMODListReadLock auto_lock; 201 AutoSECMODListReadLock auto_lock;
202 SECMODModuleList* head = SECMOD_GetDefaultModuleList(); 202 SECMODModuleList* head = SECMOD_GetDefaultModuleList();
203 VLOG(1) << "Current PK11 Slot Status:"; 203 LOG(WARNING) << "Current PK11 Slot Status:";
204 for (SECMODModuleList* item = head; item != NULL; item = item->next) { 204 for (SECMODModuleList* item = head; item != NULL; item = item->next) {
205 int slot_count = item->module->loaded ? item->module->slotCount : 0; 205 int slot_count = item->module->loaded ? item->module->slotCount : 0;
206 for (int i = 0; i < slot_count; i++) { 206 for (int i = 0; i < slot_count; i++) {
207 PK11SlotInfo* slot = item->module->slots[i]; 207 PK11SlotInfo* slot = item->module->slots[i];
208 if (slot) { 208 if (slot) {
209 VLOG(1) << " ###############################"; 209 LOG(WARNING) << " ###############################";
210 VLOG(1) << " Token Name : " << PK11_GetTokenName(slot); 210 LOG(WARNING) << " Token Name : " << PK11_GetTokenName(slot);
211 VLOG(1) << " Slot Name : " << PK11_GetSlotName(slot); 211 LOG(WARNING) << " Slot Name : " << PK11_GetSlotName(slot);
212 VLOG(1) << " Slot ID : " << PK11_GetSlotID(slot); 212 LOG(WARNING) << " Slot ID : " << PK11_GetSlotID(slot);
213 VLOG(1) << " Is Friendly : " 213 LOG(WARNING) << " Is Friendly : "
214 << (PK11_IsFriendly(slot) ? "True" : "False"); 214 << (PK11_IsFriendly(slot) ? "True" : "False");
215 VLOG(1) << " Default Flags: " << PK11_GetDefaultFlags(slot); 215 LOG(WARNING) << " Default Flags: " << PK11_GetDefaultFlags(slot);
216 VLOG(1) << " Need Login : " 216 LOG(WARNING) << " Need Login : "
217 << (PK11_NeedLogin(slot) ? "Yes" : "No"); 217 << (PK11_NeedLogin(slot) ? "Yes" : "No");
218 VLOG(1) << " Is Hardware :" << (PK11_IsHW(slot) ? "Yes" : "No"); 218 LOG(WARNING) << " Is Hardware :" << (PK11_IsHW(slot) ? "Yes" : "No");
219 } 219 }
220 } 220 }
221 } 221 }
222 } 222 }
223 #endif 223 #endif
224 224
225 // A singleton to initialize/deinitialize NSPR. 225 // A singleton to initialize/deinitialize NSPR.
226 // Separate from the NSS singleton because we initialize NSPR on the UI thread. 226 // Separate from the NSS singleton because we initialize NSPR on the UI thread.
227 // Now that we're leaking the singleton, we could merge back with the NSS 227 // Now that we're leaking the singleton, we could merge back with the NSS
228 // singleton. 228 // singleton.
(...skipping 332 matching lines...) Expand 10 before | Expand all | Expand 10 after
561 // This tries to load the Chaps module so NSS can talk to the hardware 561 // This tries to load the Chaps module so NSS can talk to the hardware
562 // TPM. 562 // TPM.
563 if (!chaps_module_) { 563 if (!chaps_module_) {
564 chaps_module_ = LoadModule( 564 chaps_module_ = LoadModule(
565 kChapsModuleName, 565 kChapsModuleName,
566 kChapsPath, 566 kChapsPath,
567 // trustOrder=100 -- means it'll select this as the most 567 // trustOrder=100 -- means it'll select this as the most
568 // trusted slot for the mechanisms it provides. 568 // trusted slot for the mechanisms it provides.
569 // slotParams=... -- selects RSA as the only mechanism, and only 569 // slotParams=... -- selects RSA as the only mechanism, and only
570 // asks for the password when necessary (instead of every 570 // asks for the password when necessary (instead of every
571 // time, or after a timeout). 571 // time, or after a timeout). PublicCerts means NSS marks the
572 "trustOrder=100 slotParams=(1={slotFlags=[RSA] askpw=only})"); 572 // slot as "Friendly" so we can avoid some unnecessary locking.
573 "NSS=\"trustOrder=100 slotParams="
574 "(1={slotFlags=[RSA,PublicCerts] askpw=only})\"");
573 } 575 }
574 if (chaps_module_ && chaps_module_->loaded) { 576 if (chaps_module_ && chaps_module_->loaded) {
575 int size = 0;
576 PK11DefaultArrayEntry* entries = PK11_GetDefaultArray(&size);
577 PK11DefaultArrayEntry* friendly_entry = NULL;
578 for (int i = 0; i < size; ++i) {
579 if (entries[i].flag == SECMOD_FRIENDLY_FLAG) {
580 friendly_entry = &entries[i];
581 break;
582 }
583 }
584
585 // If this gets set, then we'll use the TPM for certs with 577 // If this gets set, then we'll use the TPM for certs with
586 // private keys, otherwise we'll fall back to the software 578 // private keys, otherwise we'll fall back to the software
587 // implementation. 579 // implementation.
588 tpm_slot_ = GetTPMSlot(); 580 tpm_slot_ = GetTPMSlot();
589 581
590 // Force the TPM slot to be "Friendly", since it seems to ignore setting 582 LogSlotInfo();
591 // "PublicCerts" above, and otherwise NSS does some unnecessary locking,
592 // and slows things down.
593 if (tpm_slot_ && friendly_entry)
594 PK11_UpdateSlotAttribute(tpm_slot_, friendly_entry, PR_TRUE);
595
596 if (VLOG_IS_ON(1))
597 LogSlotInfo();
598 583
599 callback.Run(tpm_slot_ != NULL); 584 callback.Run(tpm_slot_ != NULL);
600 return; 585 return;
601 } 586 }
602 } 587 }
603 callback.Run(false); 588 callback.Run(false);
604 } 589 }
605 #endif // defined(OS_CHROMEOS) 590 #endif // defined(OS_CHROMEOS)
606 591
607 #if defined(USE_NSS) 592 #if defined(USE_NSS)
(...skipping 235 matching lines...) Expand 10 before | Expand all | Expand 10 after
843 828
844 PK11SlotInfo* GetPublicNSSKeySlot() { 829 PK11SlotInfo* GetPublicNSSKeySlot() {
845 return g_nss_singleton.Get().GetPublicNSSKeySlot(); 830 return g_nss_singleton.Get().GetPublicNSSKeySlot();
846 } 831 }
847 832
848 PK11SlotInfo* GetPrivateNSSKeySlot() { 833 PK11SlotInfo* GetPrivateNSSKeySlot() {
849 return g_nss_singleton.Get().GetPrivateNSSKeySlot(); 834 return g_nss_singleton.Get().GetPrivateNSSKeySlot();
850 } 835 }
851 836
852 } // namespace crypto 837 } // namespace crypto
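Review bot: Nothing on the new side confirms that the TPM slot actually ends up "Friendly" after `tpm_slot_ = GetTPMSlot();` (new line 580), even though the workaround being deleted (old lines 590-594) was there because the slot seemed to ignore `PublicCerts`. The change presumably relies on the `NSS="..."` wrapper making the module spec take effect; if it does not, the old comment suggests the only symptom is extra NSS locking, with no signal in the code. A cheap guard right after the slot lookup would make a regression visible, e.g. `if (tpm_slot_ && !PK11_IsFriendly(tpm_slot_)) LOG(ERROR) << "Chaps slot is not friendly; PublicCerts was not applied";`, using the same `PK11_IsFriendly` call the file already makes in `LogSlotInfo`. The comment at new lines 571-572 could also state that the `1=` key ties these flags to slot ID 1, if that is indeed the slot Chaps exposes for the TPM token. The enclosing function begins in the skipped lines above this hunk.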