diff options
author | davidben <davidben@chromium.org> | 2015-10-02 10:06:11 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-10-02 17:07:01 +0000 |
commit | ee55ed44da66cc54b3d5ab295485b7bbf3c0716a (patch) | |
tree | 0765e9d6061e89d0fc2da019f9f27834abc6db93 /crypto/nss_util.h | |
parent | d533be96e34f2ede2a231caaae74129a06a4dbc2 (diff) | |
download | chromium_src-ee55ed44da66cc54b3d5ab295485b7bbf3c0716a.zip chromium_src-ee55ed44da66cc54b3d5ab295485b7bbf3c0716a.tar.gz chromium_src-ee55ed44da66cc54b3d5ab295485b7bbf3c0716a.tar.bz2 |
Fold away now dead NSS code.
Anything not built on iOS can now assume USE_OPENSSL is set. Most notably, the
libc urandom override is now gone.
BUG=519504
Review URL: https://codereview.chromium.org/1364023003
Cr-Commit-Position: refs/heads/master@{#352061}
Diffstat (limited to 'crypto/nss_util.h')
-rw-r--r-- | crypto/nss_util.h | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/crypto/nss_util.h b/crypto/nss_util.h index 98b0f72..06c1e5d 100644 --- a/crypto/nss_util.h +++ b/crypto/nss_util.h @@ -33,65 +33,11 @@ CRYPTO_EXPORT void EarlySetupForNSSInit(); // thread-safe, and NSPR will only ever be initialized once. CRYPTO_EXPORT void EnsureNSPRInit(); -#if !defined(USE_OPENSSL) -// Initialize NSS safely for strict sandboxing. This function tells NSS to not -// load user security modules, and makes sure NSS will have proper entropy in a -// restricted, sandboxed environment. -// -// As a defense in depth measure, this function should be called in a sandboxed -// environment. That way, in the event of a bug, NSS will still not be able to -// load security modules that could expose private data and keys. -// -// Make sure to get an LGTM from the Chrome Security Team if you use this. -CRYPTO_EXPORT void InitNSSSafely(); -#endif // !defined(USE_OPENSSL) - // Initialize NSS if it isn't already initialized. This must be called before // any other NSS functions. This function is thread-safe, and NSS will only // ever be initialized once. CRYPTO_EXPORT void EnsureNSSInit(); -#if !defined(USE_OPENSSL) - -// Call this before calling EnsureNSSInit() will force NSS to initialize -// without a persistent DB. This is used for the special case where access of -// persistent DB is prohibited. -// -// TODO(hclam): Isolate loading default root certs. -// -// NSS will be initialized without loading any user security modules, including -// the built-in root certificates module. User security modules need to be -// loaded manually after NSS initialization. -// -// If EnsureNSSInit() is called before then this function has no effect. -// -// Calling this method only has effect on Linux. -// -// WARNING: Use this with caution. -CRYPTO_EXPORT void ForceNSSNoDBInit(); - -// This method is used to disable checks in NSS when used in a forked process. -// NSS checks whether it is running a forked process to avoid problems when -// using user security modules in a forked process. However if we are sure -// there are no modules loaded before the process is forked then there is no -// harm disabling the check. -// -// This method must be called before EnsureNSSInit() to take effect. -// -// WARNING: Use this with caution. -CRYPTO_EXPORT void DisableNSSForkCheck(); - -// Load NSS library files. This function has no effect on Mac and Windows. -// This loads the necessary NSS library files so that NSS can be initialized -// after loading additional library files is disallowed, for example when the -// sandbox is active. -// -// Note that this does not load libnssckbi.so which contains the root -// certificates. -CRYPTO_EXPORT void LoadNSSLibraries(); - -#endif // !USE_OPENSSL - // Check if the current NSS version is greater than or equals to |version|. // A sample version string is "3.12.3". bool CheckNSSVersion(const char* version); |