diff options
| author | jorgelo@chromium.org <jorgelo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-11-29 04:46:41 +0000 |
|---|---|---|
| committer | jorgelo@chromium.org <jorgelo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-11-29 04:46:41 +0000 |
| commit | 2fdd99e84a0120697ae1ae0a5ff933367c264d9a (patch) | |
| tree | 9a1a61149f04342b87842d51787643d7f5e5a82e /crypto | |
| parent | 8965dfc2006d21fdb35a9f78903fefff0c2d4e27 (diff) | |
| download | chromium_src-2fdd99e84a0120697ae1ae0a5ff933367c264d9a.zip chromium_src-2fdd99e84a0120697ae1ae0a5ff933367c264d9a.tar.gz chromium_src-2fdd99e84a0120697ae1ae0a5ff933367c264d9a.tar.bz2 | |
Fix nits in crypto::InitNSSSafely().
Some comments in https://chromiumcodereview.appspot.com/11411013/
were not addressed before the CL landed, so do that now.
BUG=None
TEST=content_browsertests
NOTRY=true
Review URL: https://chromiumcodereview.appspot.com/11418212
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@170129 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/nss_util.cc | 8 | ||||
| -rw-r--r-- | crypto/nss_util.h | 15 |
2 files changed, 12 insertions, 11 deletions
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc index 0542a34..69d74f5 100644 --- a/crypto/nss_util.cc +++ b/crypto/nss_util.cc @@ -650,15 +650,15 @@ void EnsureNSPRInit() { g_nspr_singleton.Get(); } -void WarmUpNSSSafely() { +void InitNSSSafely() { // We might fork, but we haven't loaded any security modules. - crypto::DisableNSSForkCheck(); + DisableNSSForkCheck(); // If we're sandboxed, we shouldn't be able to open user security modules, // but it's more correct to tell NSS to not even try. // Loading user security modules would have security implications. - crypto::ForceNSSNoDBInit(); + ForceNSSNoDBInit(); // Initialize NSS. - crypto::EnsureNSSInit(); + EnsureNSSInit(); } void EnsureNSSInit() { diff --git a/crypto/nss_util.h b/crypto/nss_util.h index 25043f9..7b50781 100644 --- a/crypto/nss_util.h +++ b/crypto/nss_util.h @@ -36,15 +36,16 @@ CRYPTO_EXPORT void EarlySetupForNSSInit(); // thread-safe, and NSPR will only ever be initialized once. CRYPTO_EXPORT void EnsureNSPRInit(); -// Initialize NSS safely for strict sandboxing. This function makes sure that -// NSS is initialized safely and will have proper entropy in a restricted, -// sandboxed environment. +// Initialize NSS safely for strict sandboxing. This function tells NSS to not +// load user security modules, and makes sure NSS will have proper entropy in a +// restricted, sandboxed environment. // // As a defense in depth measure, this function should be called in a sandboxed -// environment to make sure NSS will not load security modules that could -// expose private data and keys. Make sure to get an LGTM from Security -// if you use this. -CRYPTO_EXPORT void WarmUpNSSSafely(); +// environment. That way, in the event of a bug, NSS will still not be able to +// load security modules that could expose private data and keys. +// +// Make sure to get an LGTM from the Chrome Security Team if you use this. +CRYPTO_EXPORT void InitNSSSafely(); // Initialize NSS if it isn't already initialized. This must be called before // any other NSS functions. This function is thread-safe, and NSS will only |