author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-27 19:36:22 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-27 19:36:22 +0000 |
commit | abd4aba8725fdd0e604f727e617105725b709259 (patch) | |
tree | 007c410bf538052e0868b545f5a0bac497904331 | |
parent | 11f85946bf3db866584e83c92bbea9c2a769fcd7 (diff) | |
Use nss_util.{h,cc} also on Windows. On Windows, NSS is
initialized without databases because we'll continue to use
the Windows system certificate store.
base\third_party\nss is now compiled with -DNO_NSPR_10_SUPPORT
(because the NSPR 1.0 types int8 - int64 and uint8 - uint64
conflict with the same-named types in "base/basictypes.h"),
so the uint32 type needs to be replaced by unsigned int.
R=agl,mark
BUG=28744
TEST=No build errors.
Review URL: http://codereview.chromium.org/557012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@37289 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | base/base.gypi | 23 | ||||
-rw-r--r-- | base/nss_util.cc | 20 | ||||
-rw-r--r-- | base/third_party/nss/README.chromium | 5 | ||||
-rw-r--r-- | base/third_party/nss/blapi.h | 6 | ||||
-rw-r--r-- | base/third_party/nss/sha512.cc | 8 |
5 files changed, 46 insertions, 16 deletions
diff --git a/base/base.gypi b/base/base.gypi
index 3fe12ae..9cd56dc 100644
--- a/base/base.gypi
+++ b/base/base.gypi
@@ -289,8 +289,6 @@
 'directory_watcher_inotify.cc',
 'linux_util.cc',
 'message_pump_glib.cc',
- 'nss_util.cc',
- 'nss_util.h',
 ],
 },],
 [ 'OS != "linux"', {
@@ -322,13 +320,19 @@
 ],
 },
 ],
- [ 'OS != "mac"', {
+ [ 'OS == "mac"', {
+ 'sources!': [
+ # TODO(wtc): Remove nss_util.{cc,h} when http://crbug.com/30689
+ # is fixed.
+ 'nss_util.cc',
+ 'nss_util.h',
+ ],
+ }, { # OS != "mac"
 'sources!': [
 'crypto/cssm_init.cc',
 'crypto/cssm_init.h',
 ],
- }
- ],
+ },],
 [ 'OS == "win"', {
 'include_dirs': [
 '../chrome/third_party/wtl/include',
@@ -432,7 +436,11 @@
 ],
 },
 },],
- [ 'OS != "win"', {
+ [ 'OS == "win"', {
+ 'dependencies': [
+ '../third_party/nss/nss.gyp:nss',
+ ],
+ }, { # OS != "win"
 'dependencies': ['../third_party/libevent/libevent.gyp:libevent'],
 'sources!': [
 'third_party/purify/pure_api.c',
@@ -451,8 +459,7 @@
 'win_util.cc',
 'wmi_util.cc',
 ],
- },
- ],
+ },],
 ],
 'sources': [
 'crypto/cssm_init.cc',
diff --git a/base/nss_util.cc b/base/nss_util.cc
index f440f70..13f61b6 100644
--- a/base/nss_util.cc
+++ b/base/nss_util.cc
@@ -17,8 +17,16 @@
 #include "base/singleton.h"
 #include "base/string_util.h"
+// On some platforms, we use NSS for SSL only -- we don't use NSS for crypto
+// or certificate verification, and we don't use the NSS certificate and key
+// databases.
+#if defined(OS_WIN)
+#define USE_NSS_FOR_SSL_ONLY 1
+#endif
+
 namespace {
+#if !defined(USE_NSS_FOR_SSL_ONLY)
 std::string GetDefaultConfigDirectory() {
 const char* home = getenv("HOME");
 if (home == NULL) {
@@ -49,6 +57,7 @@ SECMODModule *InitDefaultRootCerts() {
 NOTREACHED();
 return NULL;
 }
+#endif // !defined(USE_NSS_FOR_SSL_ONLY)
 // A singleton to initialize/deinitialize NSPR.
 // Separate from the NSS singleton because we initialize NSPR on the UI thread.
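Review bot: The comment added above `USE_NSS_FOR_SSL_ONLY` in base/nss_util.cc says what NSS is not used for, but not what takes over certificate verification, and that is the security-relevant half. With the database and `InitDefaultRootCerts()` compiled out, NSS has no trust anchors of its own in this mode. I would extend the comment with a line such as `// In this mode server certificates must be verified with the platform certificate store; NSS's own verification has no trust anchors.` so that a later caller does not rely on NSS's default check. Whether the SSL socket code already installs its own verification hook is not visible in this diff.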
@@ -69,7 +78,7 @@ class NSPRInitSingleton {
 class NSSInitSingleton {
 public:
- NSSInitSingleton() {
+ NSSInitSingleton() : root_(NULL) {
 base::EnsureNSPRInit();
 // We *must* have NSS >= 3.12.3. See bug 26448.
@@ -83,6 +92,14 @@ class NSSInitSingleton {
 CHECK(NSS_VersionCheck("3.12.3")) << "We depend on NSS >= 3.12.3";
 SECStatus status = SECFailure;
+#if defined(USE_NSS_FOR_SSL_ONLY)
+ // Use the system certificate store, so initialize NSS without database.
+ status = NSS_NoDB_Init(NULL);
+ if (status != SECSuccess) {
+ LOG(ERROR) << "Error initializing NSS without a persistent "
+ "database: NSS error code " << PR_GetError();
+ }
+#else
 std::string database_dir = GetDefaultConfigDirectory();
 if (!database_dir.empty()) {
 // Initialize with a persistant database (~/.pki/nssdb).
@@ -117,6 +134,7 @@ class NSSInitSingleton {
 }
 root_ = InitDefaultRootCerts();
+#endif // defined(USE_NSS_FOR_SSL_ONLY)
 }
 ~NSSInitSingleton() {
diff --git a/base/third_party/nss/README.chromium b/base/third_party/nss/README.chromium
index 7106351..44cecac 100644
--- a/base/third_party/nss/README.chromium
+++ b/base/third_party/nss/README.chromium
@@ -6,3 +6,8 @@ deleted or commented out unused code, and tweaked them for Chrome's source tree. sha512.c is renamed sha512.cc so that it can include Chrome's C++ header "base/basictypes.h". We define NOUNROLL256 to reduce the object code size.
+
+In blapi.h and sha512.cc, replaced uint32 by unsigned int so that they can
+be compiled with -DNO_NSPR_10_SUPPORT. NO_NSPR_10_SUPPORT turns off the
+definition of the NSPR 1.0 types int8 - int64 and uint8 - uint64 to avoid
+conflict with the same-named types defined in "base/basictypes.h".
diff --git a/base/third_party/nss/blapi.h b/base/third_party/nss/blapi.h
index 6e57ee0..b1f8dc0 100644
--- a/base/third_party/nss/blapi.h
+++ b/base/third_party/nss/blapi.h
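Review bot: A failed `NSS_NoDB_Init` is only logged in the `USE_NSS_FOR_SSL_ONLY` branch of the `NSSInitSingleton` constructor, so the constructor returns normally and later SSL code runs against a library that was never initialized. This is the only initialization path on Windows, so I would fail closed, for example `CHECK(status == SECSuccess) << "NSS_NoDB_Init failed: " << PR_GetError();`, or record the failure so callers can refuse to open SSL connections. The `#else` branch's own error handling lies outside the hunk, so this may simply mirror what is done there. The log line prints a bare `PR_GetError()` number; including `PR_ErrorToName()` output would make it easier to act on.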
@@ -54,7 +54,7 @@ extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
 extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
 unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
- uint32 src_length);
+ unsigned int src_length);
 extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
 extern void SHA256_TraceState(SHA256Context *cx);
 extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
@@ -72,7 +72,7 @@ extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
 extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
 unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
- uint32 src_length);
+ unsigned int src_length);
 extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
 extern void SHA512_TraceState(SHA512Context *cx);
 extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
@@ -90,7 +90,7 @@ extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
 extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
 unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
- uint32 src_length);
+ unsigned int src_length);
 extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
 extern void SHA384_TraceState(SHA384Context *cx);
 extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
diff --git a/base/third_party/nss/sha512.cc b/base/third_party/nss/sha512.cc
index 5a02f46..6ad0645 100644
--- a/base/third_party/nss/sha512.cc
+++ b/base/third_party/nss/sha512.cc
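Review bot: The `src_length` parameter of `SHA256_HashBuf`, `SHA512_HashBuf` and `SHA384_HashBuf` is declared as `unsigned int` with no comment on the limit, so a caller holding a `size_t` length has it narrowed implicitly on a 64-bit build. I would document the contract on each prototype, for example `/* src_length must fit in unsigned int; callers with size_t lengths must check before calling. */`. The matching definitions in sha512.cc take the same parameter type and would want the same comment.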
@@ -54,7 +54,7 @@
 #include <string.h>
 #define PORT_New(type) static_cast<type*>(malloc(sizeof(type)))
 #define PORT_ZFree(ptr, len) do { memset(ptr, 0, len); free(ptr); } while (0)
-#define PORT_Strlen(s) static_cast<uint32>(strlen(s))
+#define PORT_Strlen(s) static_cast<unsigned int>(strlen(s))
 #define PORT_Memcpy memcpy
 /* ============= Common constants and defines ======================= */
@@ -475,7 +475,7 @@ SHA256_End(SHA256Context *ctx, unsigned char *digest,
 #if 0
 SECStatus
 SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
- uint32 src_length)
+ unsigned int src_length)
 {
 SHA256Context ctx;
 unsigned int outLen;
@@ -1133,7 +1133,7 @@ SHA512_End(SHA512Context *ctx, unsigned char *digest,
 SECStatus
 SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
- uint32 src_length)
+ unsigned int src_length)
 {
 SHA512Context ctx;
 unsigned int outLen;
@@ -1241,7 +1241,7 @@ SHA384_End(SHA384Context *ctx, unsigned char *digest,
 SECStatus
 SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
- uint32 src_length)
+ unsigned int src_length)
 {
 SHA512Context ctx;
 unsigned int outLen; |
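Review bot: `PORT_Strlen` in the first hunk still narrows the `size_t` result of `strlen` through an unchecked `static_cast<unsigned int>`. On a 64-bit build, a string longer than `UINT_MAX` would presumably be hashed over a truncated length with no error reported. The macro's callers are outside these hunks, so whether such input can reach it is not visible here. If it can, the narrowing should be guarded at the call site by comparing `strlen(src)` with `UINT_MAX` and returning `SECFailure` when it does not fit; if it cannot, a comment on the macro stating that assumption would do.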