Rename USE_NSS to USE_NSS_CERTS.

USE_NSS is confusing because it's not actually the analog of USE_OPENSSL; it's
the analog to USE_OPENSSL_CERTS. This is in preparation for the chimera build
which will set USE_OPENSSL and USE_NSS(_CERTS).

This CL was partially done automatically by the following command:

  git grep -l USE_NSS | xargs sed -i -e 's/defined(USE_NSS)/defined(USE_NSS_CERTS)/'

The remaining were caught by the following command and fixed manually:

  git grep 'USE_NSS\([^_]\|$\)'

Finally, the following command verified nothing in a separate repository was
sensitive to this change:

  find . -name '*.cc' -o -name '*.h' | xargs grep 'USE_NSS\([^_]\|$\)'

For now, the old name is still defined, but not used within Chromium.

A follow-up CL will remove deprecated use_nss and USE_NSS #defines
together which will then cause downstream churn. Though from a grep
of known downstreams, the churn seems to be fairly minimal. The
removal is split from this CL so that, if we need to revert, the
CL to revert is small.

TBR=pneubeck@chromium.org
BUG=462040

Review URL: https://codereview.chromium.org/1082123003

Cr-Commit-Position: refs/heads/master@{#325710}

4 files changed, 12 insertions, 12 deletions

diff --git a/components/webcrypto/nss/aes_kw_nss.cc b/components/webcrypto/nss/aes_kw_nss.cc
index cc690e8..77afb1f 100644
--- a/components/webcrypto/nss/aes_kw_nss.cc
+++ b/components/webcrypto/nss/aes_kw_nss.cc
@@ -46,7 +46,7 @@ Status DoUnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
   // The plaintext length is always 64 bits less than the data size.
   const unsigned int plaintext_length = wrapped_key_data.byte_length() - 8;
 
-#if defined(USE_NSS)
+#if defined(USE_NSS_CERTS)
   // Part of workaround for
   // https://bugzilla.mozilla.org/show_bug.cgi?id=981170. See the explanation
   // later in this function.
@@ -63,7 +63,7 @@ Status DoUnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
   if (!new_key)
     return Status::OperationError();
 
-#if defined(USE_NSS)
+#if defined(USE_NSS_CERTS)
   // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=981170
   // which was fixed in NSS 3.16.0.
   // If unwrap fails, NSS nevertheless returns a valid-looking PK11SymKey,
diff --git a/components/webcrypto/nss/rsa_hashed_algorithm_nss.cc b/components/webcrypto/nss/rsa_hashed_algorithm_nss.cc
index f186e36..1b7e4a2 100644
--- a/components/webcrypto/nss/rsa_hashed_algorithm_nss.cc
+++ b/components/webcrypto/nss/rsa_hashed_algorithm_nss.cc
@@ -22,7 +22,7 @@ namespace webcrypto {
 
 namespace {
 
-#if defined(USE_NSS) && !defined(OS_CHROMEOS)
+#if defined(USE_NSS_CERTS) && !defined(OS_CHROMEOS)
 Status ErrorRsaPrivateKeyImportNotSupported() {
   return Status::ErrorUnsupported(
       "NSS version must be at least 3.16.2 for RSA private key import. See "
@@ -125,7 +125,7 @@ struct RSAPrivateKey {
 // The system NSS library doesn't have the new PK11_ExportDERPrivateKeyInfo
 // function yet (https://bugzilla.mozilla.org/show_bug.cgi?id=519255). So we
 // provide a fallback implementation.
-#if defined(USE_NSS)
+#if defined(USE_NSS_CERTS)
 const SEC_ASN1Template RSAPrivateKeyTemplate[] = {
     {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RSAPrivateKey)},
     {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, version)},
@@ -138,7 +138,7 @@ const SEC_ASN1Template RSAPrivateKeyTemplate[] = {
     {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent2)},
     {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, coefficient)},
     {0}};
-#endif  // defined(USE_NSS)
+#endif  // defined(USE_NSS_CERTS)
 
 // On success |value| will be filled with data which must be freed by
 // SECITEM_FreeItem(value, PR_FALSE);
@@ -252,7 +252,7 @@ Status ExportKeyPkcs8Nss(SECKEYPrivateKey* key, std::vector<uint8_t>* buffer) {
 
 // TODO(rsleevi): Implement OAEP support according to the spec.
 
-#if defined(USE_NSS)
+#if defined(USE_NSS_CERTS)
   // PK11_ExportDERPrivateKeyInfo isn't available. Use our fallback code.
   const SECOidTag algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION;
   const int kPrivateKeyInfoVersion = 0;
@@ -290,9 +290,9 @@ Status ExportKeyPkcs8Nss(SECKEYPrivateKey* key, std::vector<uint8_t>* buffer) {
   crypto::ScopedSECItem encoded_key(
       SEC_ASN1EncodeItem(NULL, NULL, &private_key_info,
                          SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate)));
-#else   // defined(USE_NSS)
+#else   // defined(USE_NSS_CERTS)
   crypto::ScopedSECItem encoded_key(PK11_ExportDERPrivateKeyInfo(key, NULL));
-#endif  // defined(USE_NSS)
+#endif  // defined(USE_NSS_CERTS)
 
   if (!encoded_key.get())
     return Status::OperationError();
diff --git a/components/webcrypto/nss/util_nss.cc b/components/webcrypto/nss/util_nss.cc
index 5ded382..784a980 100644
--- a/components/webcrypto/nss/util_nss.cc
+++ b/components/webcrypto/nss/util_nss.cc
@@ -10,7 +10,7 @@
 #include "crypto/nss_util.h"
 #include "crypto/scoped_nss_types.h"
 
-#if defined(USE_NSS)
+#if defined(USE_NSS_CERTS)
 #include <dlfcn.h>
 #include <secoid.h>
 #endif
@@ -42,7 +42,7 @@ NssRuntimeSupport* NssRuntimeSupport::Get() {
 }
 
 NssRuntimeSupport::NssRuntimeSupport() : internal_slot_does_oaep_(false) {
-#if !defined(USE_NSS)
+#if !defined(USE_NSS_CERTS)
   // Using a bundled version of NSS that is guaranteed to have this symbol.
   pk11_encrypt_func_ = PK11_Encrypt;
   pk11_decrypt_func_ = PK11_Decrypt;
diff --git a/components/webcrypto/test/test_helpers.cc b/components/webcrypto/test/test_helpers.cc
index a14440a..7d3ff44 100644
--- a/components/webcrypto/test/test_helpers.cc
+++ b/components/webcrypto/test/test_helpers.cc
@@ -113,7 +113,7 @@ bool SupportsRsaOaep() {
 #else
   crypto::EnsureNSSInit();
 // TODO(eroman): Exclude version test for OS_CHROMEOS
-#if defined(USE_NSS)
+#if defined(USE_NSS_CERTS)
   if (!NSS_VersionCheck("3.16.2"))
     return false;
 #endif
@@ -124,7 +124,7 @@ bool SupportsRsaOaep() {
 
 bool SupportsRsaPrivateKeyImport() {
 // TODO(eroman): Exclude version test for OS_CHROMEOS
-#if defined(USE_NSS)
+#if defined(USE_NSS_CERTS)
   crypto::EnsureNSSInit();
   if (!NSS_VersionCheck("3.16.2")) {
     LOG(WARNING) << "RSA key import is not supported by this version of NSS. "