diff options
25 files changed, 543 insertions, 28 deletions
diff --git a/base/base.gyp b/base/base.gyp index 8e0b1e9..2de9b4b 100644 --- a/base/base.gyp +++ b/base/base.gyp @@ -235,6 +235,11 @@ 'win_util_unittest.cc', ], }], + [ 'use_openssl==1', { + 'sources!': [ + 'crypto/rsa_private_key_nss_unittest.cc', + ], + }], ], }, { diff --git a/base/base.gypi b/base/base.gypi index 7280eb8..b9fad5e 100644 --- a/base/base.gypi +++ b/base/base.gypi @@ -391,23 +391,28 @@ 'crypto/encryptor.h', 'crypto/encryptor_mac.cc', 'crypto/encryptor_nss.cc', + 'crypto/encryptor_openssl.cc', 'crypto/encryptor_win.cc', 'crypto/rsa_private_key.h', 'crypto/rsa_private_key.cc', 'crypto/rsa_private_key_mac.cc', 'crypto/rsa_private_key_nss.cc', + 'crypto/rsa_private_key_openssl.cc', 'crypto/rsa_private_key_win.cc', 'crypto/signature_creator.h', 'crypto/signature_creator_mac.cc', 'crypto/signature_creator_nss.cc', + 'crypto/signature_creator_openssl.cc', 'crypto/signature_creator_win.cc', 'crypto/signature_verifier.h', 'crypto/signature_verifier_mac.cc', 'crypto/signature_verifier_nss.cc', + 'crypto/signature_verifier_openssl.cc', 'crypto/signature_verifier_win.cc', 'crypto/symmetric_key.h', 'crypto/symmetric_key_mac.cc', 'crypto/symmetric_key_nss.cc', + 'crypto/symmetric_key_openssl.cc', 'crypto/symmetric_key_win.cc', 'third_party/nspr/prcpucfg.h', 'third_party/nspr/prcpucfg_win.h', @@ -432,6 +437,7 @@ 'hmac.h', 'hmac_mac.cc', 'hmac_nss.cc', + 'hmac_openssl.cc', 'hmac_win.cc', 'image_util.cc', 'image_util.h', @@ -455,6 +461,7 @@ 'setproctitle_linux.h', 'sha2.cc', 'sha2.h', + 'sha2_openssl.cc', 'string16.cc', 'string16.h', 'sync_socket.h', @@ -512,6 +519,38 @@ 'win_util.cc', ], },], + [ 'use_openssl==1', { + # TODO(joth): Use a glob to match exclude patterns once the + # OpenSSL file set is complete. + 'sources!': [ + 'crypto/encryptor_nss.cc', + 'crypto/rsa_private_key_nss.cc', + 'crypto/signature_creator_nss.cc', + 'crypto/signature_verifier_nss.cc', + 'crypto/symmetric_key_nss.cc', + 'hmac_nss.cc', + 'nss_util.cc', + 'nss_util.h', + # Note that sha2.cc depends on the NSS files bundled into + # chromium; it does not have the _nss postfix as it is required + # on platforms besides linux and *bsd. + 'sha2.cc', + 'third_party/nss/blapi.h', + 'third_party/nss/blapit.h', + 'third_party/nss/sha256.h', + 'third_party/nss/sha512.cc', + ], + }, { + 'sources!': [ + 'crypto/encryptor_openssl.cc', + 'crypto/rsa_private_key_openssl.cc', + 'crypto/signature_creator_openssl.cc', + 'crypto/signature_verifier_openssl.cc', + 'crypto/symmetric_key_openssl.cc', + 'hmac_openssl.cc', + 'sha2_openssl.cc', + ], + },], ], }], ], @@ -550,12 +589,21 @@ }, }, ], + [ 'use_openssl==1', { + 'dependencies': [ + '../build/linux/system.gyp:openssl', + ], + }, { # use_openssl==0 + 'dependencies': [ + '../build/linux/system.gyp:nss', + ], + } + ], ], 'dependencies': [ 'symbolize', '../build/util/build_util.gyp:lastchange', '../build/linux/system.gyp:gtk', - '../build/linux/system.gyp:nss', 'xdg_mime', ], 'export_dependent_settings': [ diff --git a/base/crypto/encryptor_openssl.cc b/base/crypto/encryptor_openssl.cc new file mode 100644 index 0000000..71a84be --- /dev/null +++ b/base/crypto/encryptor_openssl.cc @@ -0,0 +1,32 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/crypto/encryptor.h" + +#include "base/logging.h" + +namespace base { + +Encryptor::Encryptor() { +} + +Encryptor::~Encryptor() { +} + +bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) { + NOTIMPLEMENTED(); + return false; +} + +bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) { + NOTIMPLEMENTED(); + return false; +} + +bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) { + NOTIMPLEMENTED(); + return false; +} + +} // namespace base diff --git a/base/crypto/rsa_private_key_openssl.cc b/base/crypto/rsa_private_key_openssl.cc new file mode 100644 index 0000000..ec1d8b5 --- /dev/null +++ b/base/crypto/rsa_private_key_openssl.cc @@ -0,0 +1,79 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/crypto/rsa_private_key.h" + +#include "base/logging.h" + +namespace base { + +// static +RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits, + bool permanent, + bool sensitive) { + NOTIMPLEMENTED(); + return NULL; +} + +// static +RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) { + return CreateWithParams(num_bits, + false /* not permanent */, + false /* not sensitive */); +} + +// static +RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) { + return CreateWithParams(num_bits, + true /* permanent */, + true /* sensitive */); +} + +// static +RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams( + const std::vector<uint8>& input, bool permanent, bool sensitive) { + NOTIMPLEMENTED(); + return NULL; +} + +// static +RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( + const std::vector<uint8>& input) { + return CreateFromPrivateKeyInfoWithParams(input, + false /* not permanent */, + false /* not sensitive */); +} + +// static +RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo( + const std::vector<uint8>& input) { + return CreateFromPrivateKeyInfoWithParams(input, + true /* permanent */, + true /* seneitive */); +} + +// static +RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo( + const std::vector<uint8>& input) { + NOTIMPLEMENTED(); + return NULL; +} + +RSAPrivateKey::RSAPrivateKey() { +} + +RSAPrivateKey::~RSAPrivateKey() { +} + +bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) { + NOTIMPLEMENTED(); + return false; +} + +bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) { + NOTIMPLEMENTED(); + return false; +} + +} // namespace base diff --git a/base/crypto/signature_creator_openssl.cc b/base/crypto/signature_creator_openssl.cc new file mode 100644 index 0000000..5d70f01 --- /dev/null +++ b/base/crypto/signature_creator_openssl.cc @@ -0,0 +1,32 @@ +// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/crypto/signature_creator.h" + +#include "base/logging.h" + +namespace base { + +// static +SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key) { + return NULL; +} + +SignatureCreator::SignatureCreator() { +} + +SignatureCreator::~SignatureCreator() { +} + +bool SignatureCreator::Update(const uint8* data_part, int data_part_len) { + NOTIMPLEMENTED(); + return false; +} + +bool SignatureCreator::Final(std::vector<uint8>* signature) { + NOTIMPLEMENTED(); + return false; +} + +} // namespace base diff --git a/base/crypto/signature_verifier_openssl.cc b/base/crypto/signature_verifier_openssl.cc new file mode 100644 index 0000000..49b5e07 --- /dev/null +++ b/base/crypto/signature_verifier_openssl.cc @@ -0,0 +1,41 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/crypto/signature_verifier.h" + +#include "base/logging.h" + +namespace base { + +SignatureVerifier::SignatureVerifier() { +} + +SignatureVerifier::~SignatureVerifier() { +} + +bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, + int signature_algorithm_len, + const uint8* signature, + int signature_len, + const uint8* public_key_info, + int public_key_info_len) { + NOTIMPLEMENTED(); + return false; +} + +void SignatureVerifier::VerifyUpdate(const uint8* data_part, + int data_part_len) { + NOTIMPLEMENTED(); +} + +bool SignatureVerifier::VerifyFinal() { + NOTIMPLEMENTED(); + return false; +} + +void SignatureVerifier::Reset() { + NOTIMPLEMENTED(); +} + +} // namespace base diff --git a/base/crypto/symmetric_key.h b/base/crypto/symmetric_key.h index d7259be..3f2be76 100644 --- a/base/crypto/symmetric_key.h +++ b/base/crypto/symmetric_key.h @@ -65,7 +65,10 @@ class SymmetricKey { bool GetRawKey(std::string* raw_key); private: -#if defined(USE_NSS) +#if defined(USE_OPENSSL) + // TODO(joth): Add a constructor that accepts OpenSSL symmetric key data, and + // the appropriate data members to store it in. +#elif defined(USE_NSS) explicit SymmetricKey(PK11SymKey* key); ScopedPK11SymKey key_; #elif defined(OS_MACOSX) diff --git a/base/crypto/symmetric_key_openssl.cc b/base/crypto/symmetric_key_openssl.cc new file mode 100644 index 0000000..591252d --- /dev/null +++ b/base/crypto/symmetric_key_openssl.cc @@ -0,0 +1,43 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/crypto/symmetric_key.h" + +#include "base/logging.h" + +namespace base { + +SymmetricKey::~SymmetricKey() { +} + +// static +SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, + size_t key_size_in_bits) { + NOTIMPLEMENTED(); + return NULL; +} + +// static +SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, + const std::string& password, + const std::string& salt, + size_t iterations, + size_t key_size_in_bits) { + NOTIMPLEMENTED(); + return NULL; +} + +// static +SymmetricKey* SymmetricKey::Import(Algorithm algorithm, + const std::string& raw_key) { + NOTIMPLEMENTED(); + return NULL; +} + +bool SymmetricKey::GetRawKey(std::string* raw_key) { + NOTIMPLEMENTED(); + return false; +} + +} // namespace base diff --git a/base/hmac_openssl.cc b/base/hmac_openssl.cc new file mode 100644 index 0000000..f45d3a7 --- /dev/null +++ b/base/hmac_openssl.cc @@ -0,0 +1,57 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/hmac.h" + +#include <openssl/hmac.h> + +#include <algorithm> +#include <vector> + +#include "base/logging.h" +#include "base/openssl_util.h" +#include "base/scoped_ptr.h" +#include "base/stl_util-inl.h" + +namespace base { + +struct HMACPlatformData { + std::vector<unsigned char> key; +}; + +HMAC::HMAC(HashAlgorithm hash_alg) + : hash_alg_(hash_alg), plat_(new HMACPlatformData()) { + // Only SHA-1 and SHA-256 hash algorithms are supported now. + DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256); +} + +bool HMAC::Init(const unsigned char* key, int key_length) { + // Init must not be called more than once on the same HMAC object. + DCHECK(plat_->key.empty()); + + plat_->key.assign(key, key + key_length); + return true; +} + +HMAC::~HMAC() { + // Zero out key copy. + plat_->key.assign(plat_->key.size(), 0); + STLClearObject(&plat_->key); +} + +bool HMAC::Sign(const std::string& data, + unsigned char* digest, + int digest_length) { + DCHECK_GE(digest_length, 0); + DCHECK(!plat_->key.empty()); // Init must be called before Sign. + + ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> result(digest, digest_length); + return ::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(), + &plat_->key[0], plat_->key.size(), + reinterpret_cast<const unsigned char*>(data.data()), + data.size(), + result.safe_buffer(), NULL); +} + +} // namespace base diff --git a/base/openssl_util.h b/base/openssl_util.h new file mode 100644 index 0000000..4f564cf --- /dev/null +++ b/base/openssl_util.h @@ -0,0 +1,53 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_OPENNSSL_UTIL_H_ +#define BASE_OPENNSSL_UTIL_H_ +#pragma once + +#include "base/basictypes.h" + +namespace base { + +// Provides a buffer of at least MIN_SIZE bytes, for use when calling OpenSSL's +// SHA256, HMAC, etc functions, adapting the buffer sizing rules to meet those +// of the our base wrapper APIs. +// This allows the library to write directly to the caller's buffer if it is of +// sufficient size, but if not it will write to temporary |min_sized_buffer_| +// of required size and then its content is automatically copied out on +// destruction, with truncation as appropriate. +template<int MIN_SIZE> +class ScopedOpenSSLSafeSizeBuffer { + public: + ScopedOpenSSLSafeSizeBuffer(unsigned char* output, size_t output_len) + : output_(output), + output_len_(output_len) { + } + + ~ScopedOpenSSLSafeSizeBuffer() { + if (output_len_ < MIN_SIZE) { + // Copy the temporary buffer out, truncating as needed. + memcpy(output_, min_sized_buffer_, output_len_); + } + // else... any writing already happened directly into |output_|. + } + + unsigned char* safe_buffer() { + return output_len_ < MIN_SIZE ? min_sized_buffer_ : output_; + } + + private: + // Pointer to the caller's data area and it's associated size, where data + // written via safe_buffer() will [eventually] end up. + unsigned char* output_; + size_t output_len_; + + // Temporary buffer writen into in the case where the caller's + // buffer is not of sufficient size. + unsigned char min_sized_buffer_[MIN_SIZE]; +}; + +} // namespace base + +#endif // BASE_NSS_UTIL_H_ diff --git a/base/sha2_openssl.cc b/base/sha2_openssl.cc new file mode 100644 index 0000000..afbce2f --- /dev/null +++ b/base/sha2_openssl.cc @@ -0,0 +1,30 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/sha2.h" + +#include <openssl/ssl.h> + +#include "base/basictypes.h" +#include "base/openssl_util.h" +#include "base/stl_util-inl.h" + +namespace base { + +void SHA256HashString(const std::string& str, void* output, size_t len) { + COMPILE_ASSERT(SHA256_LENGTH == SHA256_DIGEST_LENGTH, + API_and_OpenSSL_SHA256_lengths_must_match); + ScopedOpenSSLSafeSizeBuffer<SHA256_DIGEST_LENGTH> result( + reinterpret_cast<unsigned char*>(output), len); + ::SHA256(reinterpret_cast<const unsigned char*>(str.data()), str.size(), + result.safe_buffer()); +} + +std::string SHA256HashString(const std::string& str) { + std::string output(SHA256_LENGTH, 0); + SHA256HashString(str, string_as_array(&output), output.size()); + return output; +} + +} // namespace base diff --git a/build/all.gyp b/build/all.gyp index 26ded8e..7174137c3 100644 --- a/build/all.gyp +++ b/build/all.gyp @@ -20,7 +20,6 @@ '../jingle/jingle.gyp:*', '../media/media.gyp:*', '../net/net.gyp:*', - '../net/third_party/nss/ssl.gyp:*', '../printing/printing.gyp:*', '../sdch/sdch.gyp:*', '../skia/skia.gyp:*', @@ -134,6 +133,11 @@ '../remoting/remoting.gyp:*', ], }], + ['use_openssl!=1', { + 'dependencies': [ + '../net/third_party/nss/ssl.gyp:*', + ], + }], ], }, ], diff --git a/build/build_config.h b/build/build_config.h index a3ddc2b..e2d26cb 100644 --- a/build/build_config.h +++ b/build/build_config.h @@ -47,10 +47,16 @@ #if defined(OS_LINUX) || defined(OS_FREEBSD) || defined(OS_OPENBSD) || \ defined(OS_SOLARIS) -#define USE_NSS 1 // Use NSS for crypto. +#if !defined(USE_OPENSSL) +#define USE_NSS 1 // Default to use NSS for crypto, unless OpenSSL is chosen. +#endif #define USE_X11 1 // Use X for graphics. #endif +#if defined(USE_OPENSSL) && defined(USE_NSS) +#error Cannot use both OpenSSL and NSS +#endif + // For access to standard POSIXish features, use OS_POSIX instead of a // more specific macro. #if defined(OS_MACOSX) || defined(OS_LINUX) || defined(OS_FREEBSD) || \ diff --git a/chrome/app/chrome_dll_main.cc b/chrome/app/chrome_dll_main.cc index d63c3ce..0d59516 100644 --- a/chrome/app/chrome_dll_main.cc +++ b/chrome/app/chrome_dll_main.cc @@ -926,8 +926,10 @@ int ChromeMain(int argc, char** argv) { ZygoteHost* zhost = Singleton<ZygoteHost>::get(); zhost->Init(sandbox_cmd); +#if defined(USE_NSS) // We want to be sure to init NSPR on the main thread. base::EnsureNSPRInit(); +#endif g_thread_init(NULL); // Glib type system initialization. Needed at least for gconf, diff --git a/chrome/browser/dom_ui/options/advanced_options_handler.cc b/chrome/browser/dom_ui/options/advanced_options_handler.cc index c5b950f..15a297c 100644 --- a/chrome/browser/dom_ui/options/advanced_options_handler.cc +++ b/chrome/browser/dom_ui/options/advanced_options_handler.cc @@ -239,7 +239,7 @@ void AdvancedOptionsHandler::RegisterMessages() { NewCallback(this, &AdvancedOptionsHandler::HandleMetricsReportingCheckbox)); #endif -#if !defined(USE_NSS) +#if !defined(USE_NSS) && !defined(USE_OPENSSL) dom_ui_->RegisterMessageCallback("showManageSSLCertificates", NewCallback(this, &AdvancedOptionsHandler::ShowManageSSLCertificates)); @@ -404,7 +404,7 @@ void AdvancedOptionsHandler::ShowNetworkProxySettings(const ListValue* args) { } #endif -#if !defined(USE_NSS) +#if !defined(USE_NSS) && !defined(USE_OPENSSL) void AdvancedOptionsHandler::ShowManageSSLCertificates(const ListValue* args) { UserMetricsRecordAction(UserMetricsAction("Options_ManageSSLCertificates")); AdvancedOptionsUtilities::ShowManageSSLCertificates(dom_ui_->tab_contents()); diff --git a/chrome/browser/importer/nss_decryptor.h b/chrome/browser/importer/nss_decryptor.h index 8361d17..9896a14 100644 --- a/chrome/browser/importer/nss_decryptor.h +++ b/chrome/browser/importer/nss_decryptor.h @@ -12,6 +12,13 @@ #include "chrome/browser/importer/nss_decryptor_mac.h" #elif defined(OS_WIN) #include "chrome/browser/importer/nss_decryptor_win.h" +#elif defined(USE_OPENSSL) +// TODO(joth): It should be an error to include this file with USE_OPENSSL +// defined. (Unless there is a way to do nss decrypt with OpenSSL). Ideally +// we remove the importers that depend on NSS when doing USE_OPENSSL builds, but +// that is going to take some non-trivial refactoring so in the meantime we're +// just falling back to a no-op implementation. +#include "chrome/browser/importer/nss_decryptor_null.h" #elif defined(USE_NSS) #include "chrome/browser/importer/nss_decryptor_system_nss.h" #endif diff --git a/chrome/browser/importer/nss_decryptor_null.h b/chrome/browser/importer/nss_decryptor_null.h new file mode 100644 index 0000000..155f1e0 --- /dev/null +++ b/chrome/browser/importer/nss_decryptor_null.h @@ -0,0 +1,40 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_BROWSER_IMPORTER_NSS_DECRYPTOR_NULL_H_ +#define CHROME_BROWSER_IMPORTER_NSS_DECRYPTOR_NULL_H_ +#pragma once + +#include <string> +#include <vector> + +#include "base/basictypes.h" +#include "base/string16.h" + +class FilePath; + +namespace webkit_glue { +struct PasswordForm; +} + +// A NULL wrapper for Firefox NSS decrypt component, for use in builds where +// we do not have the NSS library. +class NSSDecryptor { + public: + NSSDecryptor() {} + bool Init(const std::wstring& /* dll_path */, + const std::wstring& db_path) { return false; } + string16 Decrypt(const std::string& crypt) const { return string16(); } + void ParseSignons(const std::string& content, + std::vector<webkit_glue::PasswordForm>* forms) {} + bool ReadAndParseSignons(const FilePath& sqlite_file, + std::vector<webkit_glue::PasswordForm>* forms) { + return false; + } + + private: + DISALLOW_COPY_AND_ASSIGN(NSSDecryptor); +}; + +#endif // CHROME_BROWSER_IMPORTER_NSS_DECRYPTOR_NULL_H_ diff --git a/chrome/browser/sync/util/nigori.cc b/chrome/browser/sync/util/nigori.cc index 77cca2b..49ed1db 100644 --- a/chrome/browser/sync/util/nigori.cc +++ b/chrome/browser/sync/util/nigori.cc @@ -6,6 +6,8 @@ #if defined(OS_WIN) #include <winsock2.h> // for htonl +#else +#include <arpa/inet.h> #endif #include <sstream> diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi index 3fe2650..7809a68 100644 --- a/chrome/chrome_browser.gypi +++ b/chrome/chrome_browser.gypi @@ -4080,6 +4080,13 @@ 'browser/importer/ie_importer.cc', ], }], + [ 'use_openssl==1', { + 'sources!': [ + 'browser/importer/nss_decryptor.cc', + 'browser/importer/nss_decryptor_system_nss.cc', + 'browser/importer/nss_decryptor_system_nss.h', + ], + }], ], }, { diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc index 27bc3b7..a26a4d8 100644 --- a/chrome/common/pref_names.cc +++ b/chrome/common/pref_names.cc @@ -212,9 +212,9 @@ const char kInstantConfirmDialogShown[] = "instant.confirm_dialog_shown"; // Boolean pref indicating if instant is enabled. const char kInstantEnabled[] = "instant.enabled"; -#if defined(USE_NSS) +#if defined(USE_NSS) || defined(USE_OPENSSL) // Prefs for SSLConfigServicePref. Currently, these are only present on -// and used by NSS-using OSes. +// and used by NSS/OpenSSL using OSes. const char kCertRevocationCheckingEnabled[] = "ssl.rev_checking.enabled"; const char kSSL2Enabled[] = "ssl.ssl2.enabled"; const char kSSL3Enabled[] = "ssl.ssl3.enabled"; diff --git a/chrome/common/pref_names.h b/chrome/common/pref_names.h index 7f7acdc..52adbc36 100644 --- a/chrome/common/pref_names.h +++ b/chrome/common/pref_names.h @@ -75,7 +75,7 @@ extern const char kDisableSpdy[]; extern const char kCookiePromptExpanded[]; extern const char kInstantConfirmDialogShown[]; extern const char kInstantEnabled[]; -#if defined(USE_NSS) +#if defined(USE_NSS) || defined(USE_OPENSSL) extern const char kCertRevocationCheckingEnabled[]; extern const char kSSL2Enabled[]; extern const char kSSL3Enabled[]; diff --git a/net/base/cert_database.h b/net/base/cert_database.h index 377c0a8..409ed91 100644 --- a/net/base/cert_database.h +++ b/net/base/cert_database.h @@ -67,7 +67,7 @@ class CertDatabase { // the platform cert database, or possibly other network error codes. int AddUserCert(X509Certificate* cert); -#if defined(USE_NSS) +#if defined(USE_NSS) || defined(USE_OPENSSL) // Get a list of unique certificates in the certificate database. (One // instance of all certificates.) void ListCerts(CertificateList* certs); diff --git a/net/base/cert_test_util.h b/net/base/cert_test_util.h index 45c8ed3..8709156 100644 --- a/net/base/cert_test_util.h +++ b/net/base/cert_test_util.h @@ -14,7 +14,7 @@ namespace net { class X509Certificate; -#if defined(USE_NSS) || defined(OS_MACOSX) +#if defined(USE_NSS) || defined(OS_MACOSX) || defined(USE_OPENSSL) // Loads and trusts a root CA certificate (stored in a file) temporarily. // TODO(wtc): Implement this function on Windows (http://crbug.com/8470). X509Certificate* LoadTemporaryRootCert(const FilePath& filename); diff --git a/net/http/des.cc b/net/http/des.cc index 775f902..11d7a26 100644 --- a/net/http/des.cc +++ b/net/http/des.cc @@ -84,7 +84,14 @@ void DESMakeKey(const uint8* raw, uint8* key) { key[7] = DESSetKeyParity((raw[6] << 1)); } -#if defined(USE_NSS) +#if defined(USE_OPENSSL) + +void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) { + // TODO(joth): When implementing consider splitting up this file by platform. + NOTIMPLEMENTED(); +} + +#elif defined(USE_NSS) void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) { CK_MECHANISM_TYPE cipher_mech = CKM_DES_ECB; diff --git a/net/net.gyp b/net/net.gyp index 3c19189..8e01f57 100644 --- a/net/net.gyp +++ b/net/net.gyp @@ -232,9 +232,19 @@ 'dependencies': [ '../build/linux/system.gyp:gconf', '../build/linux/system.gyp:gdk', - '../build/linux/system.gyp:nss', '../build/linux/system.gyp:libresolv', ], + 'conditions': [ + ['use_openssl==1', { + 'dependencies': [ + '../build/linux/system.gyp:openssl', + ], + }, { # else: not using openssl. Use NSS. + 'dependencies': [ + '../build/linux/system.gyp:nss', + ], + }], + ], }, { # else: OS is not in the above list 'sources!': [ @@ -252,12 +262,14 @@ ], }, ], - [ 'use_openssl == 1 and OS == "linux"', { - # When building for OpenSSL, we need to exclude some NSS files. - # TODO(bulach): remove once we fully support OpenSSL. + [ 'use_openssl==1', { 'sources!': [ 'base/cert_database_nss.cc', + 'base/dnssec_keyset.cc', + 'base/dnssec_keyset.h', 'base/keygen_handler_nss.cc', + 'base/nss_memio.c', + 'base/nss_memio.h', 'base/x509_certificate_nss.cc', 'third_party/mozilla_security_manager/nsKeygenHandler.cpp', 'third_party/mozilla_security_manager/nsKeygenHandler.h', @@ -269,7 +281,7 @@ 'third_party/mozilla_security_manager/nsPKCS12Blob.h', ], }, - { # else: not using openssl. + { # else: not using openssl. 'sources!': [ 'base/cert_database_openssl.cc', 'base/keygen_handler_openssl.cc', @@ -701,7 +713,7 @@ 'proxy/proxy_config_service_linux.h', ], }], - ['use_openssl==1 and OS == "linux"', { + ['use_openssl==1', { 'dependencies': [ '../build/linux/system.gyp:openssl', ], @@ -972,11 +984,13 @@ }], ], }], - [ 'use_openssl == 1 and OS == "linux"', { - # When building for OpenSSL, we need to exclude some NSS files. - # TODO(bulach): remove once we fully support OpenSSL. + [ 'use_openssl==1', { + # When building for OpenSSL, we need to exclude NSS specific tests. + # TODO(bulach): Add equivalent tests when the underlying + # functionality is ported to OpenSSL. 'sources!': [ 'base/cert_database_nss_unittest.cc', + 'base/dnssec_unittest.cc', ], }, ], @@ -1146,8 +1160,16 @@ ], }], ['OS == "linux" or OS == "freebsd" or OS == "openbsd"', { - 'dependencies': [ - '../build/linux/system.gyp:nss', + 'conditions': [ + ['use_openssl==1', { + 'dependencies': [ + '../build/linux/system.gyp:openssl', + ] + }, { + 'dependencies': [ + '../build/linux/system.gyp:nss', + ], + }], ], }], ['OS == "linux"', { @@ -1159,11 +1181,6 @@ }], ], }], - ['use_openssl == 1 and OS == "linux"', { - 'dependencies': [ - '../build/linux/system.gyp:openssl', - ] - }], ], }, { |