81 files changed, 258 insertions, 246 deletions
diff --git a/build/build_config.h b/build/build_config.h index b07660d..7137b4b 100644 --- a/build/build_config.h +++ b/build/build_config.h @@ -61,7 +61,10 @@ #error Please add support for your platform in build/build_config.h #endif -#if defined(USE_OPENSSL) && defined(USE_NSS) +#if defined(USE_OPENSSL) && defined(USE_NSS_CERTS) +// TODO(davidben): This constraint compares somewhat orthogonal things and will +// be fixed when BoringSSL with NSS for certificates is added as a build +// configuration. See https://crbug.com/462040. #error Cannot use both OpenSSL and NSS #endif diff --git a/build/common.gypi b/build/common.gypi index 5c6b9f9..f1303aa 100644 --- a/build/common.gypi +++ b/build/common.gypi @@ -3016,8 +3016,12 @@ 'defines': ['USE_GLIB=1'], }], ['<(use_nss_certs)==1 and >(nacl_untrusted_build)==0', { - # TODO(davidben): Rename this to USE_NSS_CERTS. https://crbug.com/462040 - 'defines': ['USE_NSS=1'], + 'defines': [ + 'USE_NSS_CERTS=1', + # TODO(davidben): USE_NSS is a deprecated alias for USE_NSS_CERTS and + # will be removed. See https://crbug.com/462040. + 'USE_NSS=1', + ], }], ['<(chromeos)==1 and >(nacl_untrusted_build)==0', { 'defines': ['OS_CHROMEOS=1'], diff --git a/build/config/BUILD.gn b/build/config/BUILD.gn index 7a91e21..0140e86 100644 --- a/build/config/BUILD.gn +++ b/build/config/BUILD.gn @@ -126,10 +126,13 @@ config("feature_flags") { defines += [ "USE_OPENSSL_CERTS=1" ] } } else if (use_nss_certs) { - # USE_NSS really means "use nss for certificate validation and storage" - # (like USE_OPENSSL_CERTS) and not "we're linking to NSS." It might be nice - # to rename this but we're hoping to transition away from NSS. - defines += [ "USE_NSS=1" ] + defines += [ + "USE_NSS_CERTS=1", + + # TODO(davidben): USE_NSS is a deprecated alias for USE_NSS_CERTS and will + # be removed. See https://crbug.com/462040. + "USE_NSS=1", + ] } if (use_ozone) { defines += [ "USE_OZONE=1" ] 
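Review bot: The guard in build/build_config.h now tests only `USE_NSS_CERTS`, and nothing checks that the deprecated `USE_NSS` alias and `USE_NSS_CERTS` are defined together while both exist. The gyp and GN hunks in this commit define the pair, but a target that still sets only `USE_NSS` would silently compile out every block this commit renames, including the NSS library loads that the zygote and renderer hunks say must happen before the sandbox is engaged. A compile-time check next to this one would catch that: `#if defined(USE_NSS) && !defined(USE_NSS_CERTS)`, `#error USE_NSS is a deprecated alias; define USE_NSS_CERTS`, `#endif`. The existing `#error` text could also name USE_NSS_CERTS so the message matches the condition it reports.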
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc index 2641088..097e8a6 100644 --- a/chrome/browser/io_thread.cc +++ b/chrome/browser/io_thread.cc @@ -96,7 +96,7 @@ #include "chrome/browser/extensions/event_router_forwarder.h" #endif -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #include "net/cert_net/nss_ocsp.h" #endif @@ -152,7 +152,7 @@ void ObserveKeychainEvents() { class SystemURLRequestContext : public net::URLRequestContext { public: SystemURLRequestContext() { -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) net::SetURLRequestContextForNSSHttpIO(this); #endif } @@ -160,7 +160,7 @@ class SystemURLRequestContext : public net::URLRequestContext { private: ~SystemURLRequestContext() override { AssertNoURLRequests(); -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) net::SetURLRequestContextForNSSHttpIO(NULL); #endif } @@ -626,7 +626,7 @@ void IOThread::InitAsync() { TRACE_EVENT0("startup", "IOThread::InitAsync"); DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) net::SetMessageLoopForNSSHttpIO(); #endif @@ -898,7 +898,7 @@ void IOThread::InitAsync() { void IOThread::CleanUp() { base::debug::LeakTracker<SafeBrowsingURLRequestContext>::CheckForLeaks(); -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) net::ShutdownNSSHttpIO(); #endif diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc index 2bd781c..fc63611 100644 --- a/chrome/browser/profiles/profile_io_data.cc +++ b/chrome/browser/profiles/profile_io_data.cc 
@@ -135,7 +135,7 @@ #include "net/ssl/client_cert_store_chromeos.h" #endif // defined(OS_CHROMEOS) -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include "chrome/browser/ui/crypto_module_delegate_nss.h" #include "net/ssl/client_cert_store_nss.h" #endif @@ -341,7 +341,7 @@ void StartNSSInitOnIOThread(const std::string& username, } #endif // defined(OS_CHROMEOS) -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) void InitializeAndPassKeygenHandler( scoped_ptr<net::KeygenHandler> keygen_handler, const base::Callback<void(scoped_ptr<net::KeygenHandler>)>& callback, @@ -350,7 +350,7 @@ void InitializeAndPassKeygenHandler( keygen_handler->set_crypto_module_delegate(delegate.Pass()); callback.Run(keygen_handler.Pass()); } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) void InvalidateContextGettersOnIO( scoped_ptr<ProfileIOData::ChromeURLRequestContextGetterVector> getters) { @@ -918,7 +918,7 @@ ProfileIOData::ResourceContext::CreateClientCertStore() { io_data_->use_system_key_slot(), io_data_->username_hash())), base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, chrome::kCryptoModulePasswordClientAuth))); -#elif defined(USE_NSS) +#elif defined(USE_NSS_CERTS) return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS( base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, chrome::kCryptoModulePasswordClientAuth))); @@ -942,7 +942,7 @@ void ProfileIOData::ResourceContext::CreateKeygenHandler( const GURL& url, const base::Callback<void(scoped_ptr<net::KeygenHandler>)>& callback) { DCHECK(!callback.is_null()); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) scoped_ptr<net::KeygenHandler> keygen_handler( new net::KeygenHandler(key_size_in_bits, challenge_string, url)); diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc index d6eb171..e7ded66 100644 --- a/chrome/browser/ssl/ssl_browser_tests.cc +++ b/chrome/browser/ssl/ssl_browser_tests.cc 
@@ -58,11 +58,11 @@ #include "net/test/spawned_test_server/spawned_test_server.h" #include "net/url_request/url_request_context.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include "chrome/browser/net/nss_context.h" #include "net/base/crypto_module.h" #include "net/cert/nss_cert_database.h" -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) using base::ASCIIToUTF16; using chrome_browser_interstitials::SecurityInterstitialIDNTest; @@ -972,7 +972,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSInvalidCertAndGoForward) { EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); } -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) class SSLUITestWithClientCert : public SSLUITest { public: SSLUITestWithClientCert() : cert_db_(NULL) {} @@ -1058,7 +1058,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITestWithClientCert, TestWSSClientCert) { const base::string16 result = watcher.WaitAndGetTitle(); EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) // Flaky on CrOS http://crbug.com/92292 #if defined(OS_CHROMEOS) diff --git a/chrome/browser/ui/views/ssl_client_certificate_selector.cc b/chrome/browser/ui/views/ssl_client_certificate_selector.cc index 8222614..2396ffc 100644 --- a/chrome/browser/ui/views/ssl_client_certificate_selector.cc +++ b/chrome/browser/ui/views/ssl_client_certificate_selector.cc @@ -17,7 +17,7 @@ #include "ui/base/l10n/l10n_util.h" #include "ui/views/widget/widget.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include "chrome/browser/ui/crypto_module_password_dialog_nss.h" #endif @@ -57,7 +57,7 @@ bool SSLClientCertificateSelector::Accept() { // notification while waiting for the unlock dialog, causing us to delete // ourself before the Unlocked callback gets called. StopObserving(); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) chrome::UnlockCertSlotIfNecessary( cert.get(), chrome::kCryptoModulePasswordClientAuth, cert_request_info()->host_and_port, GetWidget()->GetNativeView(), 
diff --git a/chrome/browser/ui/views/ssl_client_certificate_selector_browsertest.cc b/chrome/browser/ui/views/ssl_client_certificate_selector_browsertest.cc index 6739d34..1ff5fdf 100644 --- a/chrome/browser/ui/views/ssl_client_certificate_selector_browsertest.cc +++ b/chrome/browser/ui/views/ssl_client_certificate_selector_browsertest.cc @@ -27,7 +27,7 @@ #include "net/url_request/url_request_context_getter.h" #include "testing/gtest/include/gtest/gtest.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include "crypto/scoped_test_nss_db.h" #endif @@ -50,18 +50,18 @@ class SSLClientCertificateSelectorTest : public InProcessBrowserTest { void SetUpInProcessBrowserTestFixture() override { base::FilePath certs_dir = net::GetTestCertsDirectory(); -#if defined(USE_NSS) - // If USE_NSS, the selector tries to unlock the slot where the private key - // of each certificate is stored. If no private key is found, the slot would - // be null and the unlock will crash. +#if defined(USE_NSS_CERTS) + // If USE_NSS_CERTS, the selector tries to unlock the slot where the + // private key of each certificate is stored. If no private key is found, + // the slot would be null and the unlock will crash. ASSERT_TRUE(test_nssdb_.is_open()); client_cert_1_ = net::ImportClientCertAndKeyFromFile( certs_dir, "client_1.pem", "client_1.pk8", test_nssdb_.slot()); client_cert_2_ = net::ImportClientCertAndKeyFromFile( certs_dir, "client_2.pem", "client_2.pk8", test_nssdb_.slot()); #else - // No unlock is attempted if !USE_NSS. Thus, there is no need to import a - // private key. + // No unlock is attempted if !USE_NSS_CERTS. Thus, there is no need to + // import a private key. client_cert_1_ = net::ImportCertFromFile(certs_dir, "client_1.pem"); client_cert_2_ = net::ImportCertFromFile(certs_dir, "client_2.pem"); #endif 
@@ -140,7 +140,7 @@ class SSLClientCertificateSelectorTest : public InProcessBrowserTest { scoped_refptr<StrictMock<SSLClientAuthRequestorMock> > auth_requestor_; // The selector will be deleted when a cert is selected or the tab is closed. SSLClientCertificateSelector* selector_; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) crypto::ScopedTestNSSDB test_nssdb_; #endif }; diff --git a/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc b/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc index 023af7a..78dc56cf 100644 --- a/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc +++ b/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc @@ -145,7 +145,7 @@ #include "chrome/browser/ui/webui/set_as_default_browser_ui.h" #endif -#if (defined(USE_NSS) || defined(USE_OPENSSL_CERTS)) && defined(USE_AURA) +#if (defined(USE_NSS_CERTS) || defined(USE_OPENSSL_CERTS)) && defined(USE_AURA) #include "chrome/browser/ui/webui/certificate_viewer_ui.h" #endif @@ -499,14 +499,14 @@ WebUIFactoryFunction GetWebUIFactoryFunction(WebUI* web_ui, if (url.host() == chrome::kChromeUIGestureConfigHost) return &NewWebUI<GestureConfigUI>; #endif -#if (defined(USE_NSS) || defined(USE_OPENSSL_CERTS)) && defined(USE_AURA) +#if (defined(USE_NSS_CERTS) || defined(USE_OPENSSL_CERTS)) && defined(USE_AURA) if (url.host() == chrome::kChromeUICertificateViewerHost) return &NewWebUI<CertificateViewerUI>; #if defined(OS_CHROMEOS) if (url.host() == chrome::kChromeUICertificateViewerDialogHost) return &NewWebUI<CertificateViewerModalDialogUI>; #endif -#endif // (defined(USE_NSS) || defined(USE_OPENSSL_CERTS)) && defined(USE_AURA) +#endif // (USE_NSS_CERTS || USE_OPENSSL_CERTS) && USE_AURA #if defined(ENABLE_CONFIGURATION_POLICY) if (url.host() == chrome::kChromeUIPolicyHost) diff --git a/chrome/browser/ui/webui/options/browser_options_handler.h b/chrome/browser/ui/webui/options/browser_options_handler.h index 48be51d..1eccac9 100644 
--- a/chrome/browser/ui/webui/options/browser_options_handler.h +++ b/chrome/browser/ui/webui/options/browser_options_handler.h @@ -281,7 +281,7 @@ class BrowserOptionsHandler void ShowNetworkProxySettings(const base::ListValue* args); #endif -#if !defined(USE_NSS) +#if !defined(USE_NSS_CERTS) // Callback for the "showManageSSLCertificates" message. This will invoke // an appropriate certificate management action based on the platform. void ShowManageSSLCertificates(const base::ListValue* args); diff --git a/chrome/browser/ui/webui/options/certificate_manager_browsertest.js b/chrome/browser/ui/webui/options/certificate_manager_browsertest.js index 060d27b..ec3e1a6 100644 --- a/chrome/browser/ui/webui/options/certificate_manager_browsertest.js +++ b/chrome/browser/ui/webui/options/certificate_manager_browsertest.js @@ -4,7 +4,7 @@ // Mac and Windows go to native certificate manager, and certificate manager // isn't implemented if OpenSSL is used. -GEN('#if defined(USE_NSS)'); +GEN('#if defined(USE_NSS_CERTS)'); /** * TestFixture for certificate manager WebUI testing. @@ -286,4 +286,4 @@ TEST_F('CertificateManagerWebUITest', expectTrue($('caCertsTab-delete').disabled); }); -GEN('#endif // defined(USE_NSS)'); +GEN('#endif // defined(USE_NSS_CERTS)'); diff --git a/chrome/browser/ui/webui/options/options_ui.cc b/chrome/browser/ui/webui/options/options_ui.cc index ce2b00f..9b576d7 100644 --- a/chrome/browser/ui/webui/options/options_ui.cc +++ b/chrome/browser/ui/webui/options/options_ui.cc @@ -97,7 +97,7 @@ #include "chrome/browser/ui/webui/options/chromeos/user_image_source.h" #endif -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include "chrome/browser/ui/webui/options/certificate_manager_handler.h" #endif 
@@ -347,7 +347,7 @@ OptionsUI::OptionsUI(content::WebUI* web_ui) new chromeos::options::ConsumerManagementHandler(consumer_management); AddOptionsPageUIHandler(localized_strings, consumer_management_handler); #endif -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) AddOptionsPageUIHandler(localized_strings, new CertificateManagerHandler(false)); #endif diff --git a/chrome/common/net/x509_certificate_model.cc b/chrome/common/net/x509_certificate_model.cc index a7bb46c..ee502a1 100644 --- a/chrome/common/net/x509_certificate_model.cc +++ b/chrome/common/net/x509_certificate_model.cc @@ -65,11 +65,11 @@ std::string ProcessRawBytes(const unsigned char* data, size_t data_length) { return ProcessRawBytesWithSeparators(data, data_length, ' ', '\n'); } -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) std::string ProcessRawBits(const unsigned char* data, size_t data_length) { return ProcessRawBytes(data, (data_length + 7) / 8); } -#endif // USE_NSS +#endif // USE_NSS_CERTS } // namespace x509_certificate_model diff --git a/chrome/common/net/x509_certificate_model.h b/chrome/common/net/x509_certificate_model.h index 1a5d350..77b59fba 100644 --- a/chrome/common/net/x509_certificate_model.h +++ b/chrome/common/net/x509_certificate_model.h @@ -113,12 +113,12 @@ std::string ProcessRawBytesWithSeparators(const unsigned char* data, std::string ProcessRawBytes(const unsigned char* data, size_t data_length); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Format a buffer as a space separated string, with 16 bytes on each line. // |data_length| is the length in bits. std::string ProcessRawBits(const unsigned char* data, size_t data_length); -#endif // USE_NSS +#endif // USE_NSS_CERTS } // namespace x509_certificate_model diff --git a/chrome/common/net/x509_certificate_model_unittest.cc b/chrome/common/net/x509_certificate_model_unittest.cc index c18181c..785d0ec 100644 --- a/chrome/common/net/x509_certificate_model_unittest.cc 
+++ b/chrome/common/net/x509_certificate_model_unittest.cc @@ -9,7 +9,7 @@ #include "net/test/cert_test_util.h" #include "testing/gtest/include/gtest/gtest.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include "crypto/scoped_test_nss_db.h" #include "net/cert/nss_cert_database.h" #endif diff --git a/chrome/plugin/chrome_content_plugin_client.cc b/chrome/plugin/chrome_content_plugin_client.cc index fd4c013..3cfce28 100644 --- a/chrome/plugin/chrome_content_plugin_client.cc +++ b/chrome/plugin/chrome_content_plugin_client.cc @@ -12,7 +12,7 @@ #if defined(OS_WIN) #include "base/logging.h" #include "base/native_library.h" -#elif defined(OS_POSIX) && !defined(OS_MACOSX) && defined(USE_NSS) +#elif defined(OS_POSIX) && !defined(OS_MACOSX) && defined(USE_NSS_CERTS) #include "crypto/nss_util.h" #endif #endif @@ -31,7 +31,7 @@ void ChromeContentPluginClient::PreSandboxInitialization() { #if defined(ENABLE_REMOTING) // Load crypto libraries for the Chromoting client plugin. -#if defined(OS_POSIX) && !defined(OS_MACOSX) && defined(USE_NSS) +#if defined(OS_POSIX) && !defined(OS_MACOSX) && defined(USE_NSS_CERTS) // On platforms where we use system NSS libraries, the .so's must be loaded // before the sandbox is initialized. crypto::ForceNSSNoDBInit(); diff --git a/chrome/renderer/chrome_render_process_observer.cc b/chrome/renderer/chrome_render_process_observer.cc index 866934c..924164d 100644 --- a/chrome/renderer/chrome_render_process_observer.cc +++ b/chrome/renderer/chrome_render_process_observer.cc 
@@ -234,7 +234,7 @@ ChromeRenderProcessObserver::ChromeRenderProcessObserver() // Configure modules that need access to resources. net::NetModule::SetResourceProvider(chrome_common_net::NetResourceProvider); -#if defined(OS_POSIX) && !defined(OS_MACOSX) && defined(USE_NSS) +#if defined(OS_POSIX) && !defined(OS_MACOSX) && defined(USE_NSS_CERTS) // On platforms where we use system NSS shared libraries, // initialize NSS now because it won't be able to load the .so's // after we engage the sandbox. diff --git a/chrome/utility/importer/nss_decryptor.cc b/chrome/utility/importer/nss_decryptor.cc index 8e9d85f..6d6d676 100644 --- a/chrome/utility/importer/nss_decryptor.cc +++ b/chrome/utility/importer/nss_decryptor.cc @@ -16,10 +16,10 @@ #include "sql/connection.h" #include "sql/statement.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include <pk11pub.h> #include <pk11sdr.h> -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) // This method is based on some Firefox code in // security/manager/ssl/src/nsSDR.cpp @@ -90,11 +90,11 @@ base::string16 NSSDecryptor::Decrypt(const std::string& crypt) const { SECItem reply; reply.data = NULL; reply.len = 0; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) result = PK11SDR_DecryptWithSlot(slot, &request, &reply, NULL); #else result = PK11SDR_Decrypt(&request, &reply, NULL); -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) if (result == SECSuccess) plain.assign(reinterpret_cast<char*>(reply.data), reply.len); diff --git a/chrome/utility/importer/nss_decryptor.h b/chrome/utility/importer/nss_decryptor.h index d3d309c..5c36112 100644 --- a/chrome/utility/importer/nss_decryptor.h +++ b/chrome/utility/importer/nss_decryptor.h 
@@ -18,7 +18,7 @@ // that is going to take some non-trivial refactoring so in the meantime we're // just falling back to a no-op implementation. #include "chrome/utility/importer/nss_decryptor_null.h" -#elif defined(USE_NSS) +#elif defined(USE_NSS_CERTS) #include "chrome/utility/importer/nss_decryptor_system_nss.h" #endif diff --git a/chromecast/browser/url_request_context_factory.cc b/chromecast/browser/url_request_context_factory.cc index 1337fc8..9143071 100644 --- a/chromecast/browser/url_request_context_factory.cc +++ b/chromecast/browser/url_request_context_factory.cc @@ -64,10 +64,10 @@ class URLRequestContextFactory::URLRequestContextGetter request_context_.reset(factory_->CreateMediaRequestContext()); } else { request_context_.reset(factory_->CreateSystemRequestContext()); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Set request context used by NSS for Crl requests. net::SetURLRequestContextForNSSHttpIO(request_context_.get()); -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) } } return request_context_.get(); diff --git a/chromecast/renderer/cast_content_renderer_client.cc b/chromecast/renderer/cast_content_renderer_client.cc index 8934e95..371cf31 100644 --- a/chromecast/renderer/cast_content_renderer_client.cc +++ b/chromecast/renderer/cast_content_renderer_client.cc @@ -95,7 +95,7 @@ CastContentRendererClient::~CastContentRendererClient() { void CastContentRendererClient::RenderThreadStarted() { base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Note: Copied from chrome_render_process_observer.cc to fix b/8676652. // // On platforms where the system NSS shared libraries are used, diff --git a/chromeos/network/onc/onc_certificate_importer_impl_unittest.cc b/chromeos/network/onc/onc_certificate_importer_impl_unittest.cc index ca94105..35ff424 100644 --- a/chromeos/network/onc/onc_certificate_importer_impl_unittest.cc 
+++ b/chromeos/network/onc/onc_certificate_importer_impl_unittest.cc @@ -30,7 +30,7 @@ namespace onc { namespace { -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use // the new name of the macro. #if !defined(CERTDB_TERMINAL_RECORD) @@ -58,7 +58,7 @@ net::CertType GetCertType(net::X509Certificate::OSCertHandle cert) { NOTIMPLEMENTED(); return net::OTHER_CERT; } -#endif // USE_NSS +#endif // USE_NSS_CERTS } // namespace diff --git a/components/nacl/loader/nacl_helper_linux.cc b/components/nacl/loader/nacl_helper_linux.cc index 7076044..6670eb2 100644 --- a/components/nacl/loader/nacl_helper_linux.cc +++ b/components/nacl/loader/nacl_helper_linux.cc @@ -438,7 +438,7 @@ int main(int argc, char* argv[]) { // NSS is only needed for SFI NaCl. // Allows NSS to fopen() /dev/urandom. sandbox::InitLibcUrandomOverrides(); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Configure NSS for use inside the NaCl process. // The fork check has not caused problems for NaCl, but this appears to be // best practice (see other places LoadNSSLibraries is called.) @@ -450,7 +450,7 @@ int main(int argc, char* argv[]) { // Load shared libraries before sandbox is raised. // NSS is needed to perform hashing for validation caching. crypto::LoadNSSLibraries(); -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) #endif // defined(OS_NACL_NONSFI) const NaClLoaderSystemInfo system_info = { #if !defined(OS_NACL_NONSFI) diff --git a/components/nacl/loader/nacl_validation_query.cc b/components/nacl/loader/nacl_validation_query.cc index 260ed6c..c2b6e18 100644 --- a/components/nacl/loader/nacl_validation_query.cc +++ b/components/nacl/loader/nacl_validation_query.cc 
@@ -43,7 +43,7 @@ NaClValidationQuery::NaClValidationQuery(NaClValidationDB* db, // not be used in all cases. // TODO(ncbray) remove when nacl_helper becomes the only code path. // http://code.google.com/p/chromium/issues/detail?id=118263 -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) crypto::ForceNSSNoDBInit(); #endif CHECK(hasher_.Init(profile_key)); diff --git a/components/ownership/mock_owner_key_util.cc b/components/ownership/mock_owner_key_util.cc index 495f993..703351d 100644 --- a/components/ownership/mock_owner_key_util.cc +++ b/components/ownership/mock_owner_key_util.cc @@ -20,13 +20,13 @@ bool MockOwnerKeyUtil::ImportPublicKey(std::vector<uint8>* output) { return !public_key_.empty(); } -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) crypto::RSAPrivateKey* MockOwnerKeyUtil::FindPrivateKeyInSlot( const std::vector<uint8>& key, PK11SlotInfo* slot) { return private_key_.get() ? private_key_->Copy() : NULL; } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) bool MockOwnerKeyUtil::IsPublicKeyPresent() { return !public_key_.empty(); diff --git a/components/ownership/mock_owner_key_util.h b/components/ownership/mock_owner_key_util.h index 4b0cc8d..72fddc3 100644 --- a/components/ownership/mock_owner_key_util.h +++ b/components/ownership/mock_owner_key_util.h @@ -24,10 +24,10 @@ class OWNERSHIP_EXPORT MockOwnerKeyUtil : public OwnerKeyUtil { // OwnerKeyUtil implementation: bool ImportPublicKey(std::vector<uint8>* output) override; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) crypto::RSAPrivateKey* FindPrivateKeyInSlot(const std::vector<uint8>& key, PK11SlotInfo* slot) override; -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) bool IsPublicKeyPresent() override; // Clears the public and private keys. diff --git a/components/ownership/owner_key_util.h b/components/ownership/owner_key_util.h index 7e2f15e..3920180 100644 --- a/components/ownership/owner_key_util.h +++ b/components/ownership/owner_key_util.h 
@@ -15,10 +15,10 @@ #include "base/stl_util.h" #include "components/ownership/ownership_export.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) struct PK11SlotInfoStr; typedef struct PK11SlotInfoStr PK11SlotInfo; -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) namespace crypto { class RSAPrivateKey; @@ -81,14 +81,14 @@ class OWNERSHIP_EXPORT OwnerKeyUtil // returns true and populates |output|. False on failure. virtual bool ImportPublicKey(std::vector<uint8>* output) = 0; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Looks for the private key associated with |key| in the |slot| // and returns it if it can be found. Returns NULL otherwise. // Caller takes ownership. virtual crypto::RSAPrivateKey* FindPrivateKeyInSlot( const std::vector<uint8>& key, PK11SlotInfo* slot) = 0; -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) // Checks whether the public key is present in the file system. virtual bool IsPublicKeyPresent() = 0; diff --git a/components/ownership/owner_key_util_impl.cc b/components/ownership/owner_key_util_impl.cc index 46b0b6a..bc7208e 100644 --- a/components/ownership/owner_key_util_impl.cc +++ b/components/ownership/owner_key_util_impl.cc @@ -50,13 +50,13 @@ bool OwnerKeyUtilImpl::ImportPublicKey(std::vector<uint8>* output) { return data_read == safe_file_size; } -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) crypto::RSAPrivateKey* OwnerKeyUtilImpl::FindPrivateKeyInSlot( const std::vector<uint8>& key, PK11SlotInfo* slot) { return crypto::RSAPrivateKey::FindFromPublicKeyInfoInSlot(key, slot); } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) bool OwnerKeyUtilImpl::IsPublicKeyPresent() { return base::PathExists(public_key_file_); diff --git a/components/ownership/owner_key_util_impl.h b/components/ownership/owner_key_util_impl.h index 9358cca..4446ee6 100644 --- a/components/ownership/owner_key_util_impl.h +++ b/components/ownership/owner_key_util_impl.h 
@@ -21,10 +21,10 @@ class OWNERSHIP_EXPORT OwnerKeyUtilImpl : public OwnerKeyUtil { // OwnerKeyUtil implementation: bool ImportPublicKey(std::vector<uint8>* output) override; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) crypto::RSAPrivateKey* FindPrivateKeyInSlot(const std::vector<uint8>& key, PK11SlotInfo* slot) override; -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) bool IsPublicKeyPresent() override; private: diff --git a/components/webcrypto/nss/aes_kw_nss.cc b/components/webcrypto/nss/aes_kw_nss.cc index cc690e8..77afb1f 100644 --- a/components/webcrypto/nss/aes_kw_nss.cc +++ b/components/webcrypto/nss/aes_kw_nss.cc @@ -46,7 +46,7 @@ Status DoUnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, // The plaintext length is always 64 bits less than the data size. const unsigned int plaintext_length = wrapped_key_data.byte_length() - 8; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Part of workaround for // https://bugzilla.mozilla.org/show_bug.cgi?id=981170. See the explanation // later in this function. @@ -63,7 +63,7 @@ Status DoUnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, if (!new_key) return Status::OperationError(); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=981170 // which was fixed in NSS 3.16.0. // If unwrap fails, NSS nevertheless returns a valid-looking PK11SymKey, diff --git a/components/webcrypto/nss/rsa_hashed_algorithm_nss.cc b/components/webcrypto/nss/rsa_hashed_algorithm_nss.cc index f186e36..1b7e4a2 100644 --- a/components/webcrypto/nss/rsa_hashed_algorithm_nss.cc +++ b/components/webcrypto/nss/rsa_hashed_algorithm_nss.cc @@ -22,7 +22,7 @@ namespace webcrypto { namespace { -#if defined(USE_NSS) && !defined(OS_CHROMEOS) +#if defined(USE_NSS_CERTS) && !defined(OS_CHROMEOS) Status ErrorRsaPrivateKeyImportNotSupported() { return Status::ErrorUnsupported( "NSS version must be at least 3.16.2 for RSA private key import. See " 
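Review bot: In components/webcrypto/nss/aes_kw_nss.cc the workaround for Mozilla bug 981170 is now compiled under `USE_NSS_CERTS`, a name about certificate handling, while the visible comments tie the workaround to the NSS version in use (fixed in NSS 3.16.0). The comment in the second hunk says a failed unwrap still returns a valid-looking PK11SymKey, so a reader who takes the new name at face value and removes the block as unrelated to key unwrapping would lose that failure detection. I would add one line above each guard, for example `// USE_NSS_CERTS is used here as a proxy for "system NSS, which may predate 3.16.0"; this is not a certificate check.`; the system-versus-bundled reading is inferred from the comments in the rsa_hashed_algorithm_nss.cc and util_nss.cc hunks and should be confirmed. The guards in rsa_hashed_algorithm_nss.cc, util_nss.cc and test_helpers.cc have the same mismatch between macro name and purpose. DoUnwrapSymKeyAesKw starts and ends outside both hunks.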
@@ -125,7 +125,7 @@ struct RSAPrivateKey { // The system NSS library doesn't have the new PK11_ExportDERPrivateKeyInfo // function yet (https://bugzilla.mozilla.org/show_bug.cgi?id=519255). So we // provide a fallback implementation. -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) const SEC_ASN1Template RSAPrivateKeyTemplate[] = { {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RSAPrivateKey)}, {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, version)}, @@ -138,7 +138,7 @@ const SEC_ASN1Template RSAPrivateKeyTemplate[] = { {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent2)}, {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, coefficient)}, {0}}; -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) // On success |value| will be filled with data which must be freed by // SECITEM_FreeItem(value, PR_FALSE); @@ -252,7 +252,7 @@ Status ExportKeyPkcs8Nss(SECKEYPrivateKey* key, std::vector<uint8_t>* buffer) { // TODO(rsleevi): Implement OAEP support according to the spec. -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // PK11_ExportDERPrivateKeyInfo isn't available. Use our fallback code. const SECOidTag algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION; const int kPrivateKeyInfoVersion = 0; @@ -290,9 +290,9 @@ Status ExportKeyPkcs8Nss(SECKEYPrivateKey* key, std::vector<uint8_t>* buffer) { crypto::ScopedSECItem encoded_key( SEC_ASN1EncodeItem(NULL, NULL, &private_key_info, SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate))); -#else // defined(USE_NSS) +#else // defined(USE_NSS_CERTS) crypto::ScopedSECItem encoded_key(PK11_ExportDERPrivateKeyInfo(key, NULL)); -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) if (!encoded_key.get()) return Status::OperationError(); diff --git a/components/webcrypto/nss/util_nss.cc b/components/webcrypto/nss/util_nss.cc index 5ded382..784a980 100644 --- a/components/webcrypto/nss/util_nss.cc +++ b/components/webcrypto/nss/util_nss.cc 
@@ -10,7 +10,7 @@ #include "crypto/nss_util.h" #include "crypto/scoped_nss_types.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include <dlfcn.h> #include <secoid.h> #endif @@ -42,7 +42,7 @@ NssRuntimeSupport* NssRuntimeSupport::Get() { } NssRuntimeSupport::NssRuntimeSupport() : internal_slot_does_oaep_(false) { -#if !defined(USE_NSS) +#if !defined(USE_NSS_CERTS) // Using a bundled version of NSS that is guaranteed to have this symbol. pk11_encrypt_func_ = PK11_Encrypt; pk11_decrypt_func_ = PK11_Decrypt; diff --git a/components/webcrypto/test/test_helpers.cc b/components/webcrypto/test/test_helpers.cc index a14440a..7d3ff44 100644 --- a/components/webcrypto/test/test_helpers.cc +++ b/components/webcrypto/test/test_helpers.cc @@ -113,7 +113,7 @@ bool SupportsRsaOaep() { #else crypto::EnsureNSSInit(); // TODO(eroman): Exclude version test for OS_CHROMEOS -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) if (!NSS_VersionCheck("3.16.2")) return false; #endif @@ -124,7 +124,7 @@ bool SupportsRsaOaep() { bool SupportsRsaPrivateKeyImport() { // TODO(eroman): Exclude version test for OS_CHROMEOS -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) crypto::EnsureNSSInit(); if (!NSS_VersionCheck("3.16.2")) { LOG(WARNING) << "RSA key import is not supported by this version of NSS. " diff --git a/content/app/content_main_runner.cc b/content/app/content_main_runner.cc index 0db941a..4c8dcbb 100644 --- a/content/app/content_main_runner.cc +++ b/content/app/content_main_runner.cc @@ -683,7 +683,7 @@ class ContentMainRunnerImpl : public ContentMainRunner { } #endif -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) crypto::EarlySetupForNSSInit(); #endif diff --git a/content/ppapi_plugin/ppapi_plugin_main.cc b/content/ppapi_plugin/ppapi_plugin_main.cc index 6c80f03..742a49b 100644 --- a/content/ppapi_plugin/ppapi_plugin_main.cc +++ b/content/ppapi_plugin/ppapi_plugin_main.cc 
@@ -115,7 +115,7 @@ int PpapiPluginMain(const MainFunctionParams& parameters) { base::trace_event::TraceLog::GetInstance()->SetProcessSortIndex( kTraceEventPpapiProcessSortIndex); -#if defined(OS_LINUX) && defined(USE_NSS) +#if defined(OS_LINUX) && defined(USE_NSS_CERTS) // Some out-of-process PPAPI plugins use NSS. // NSS must be initialized before enabling the sandbox below. crypto::InitNSSSafely(); diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc index ab12e5b..1aee6bd7 100644 --- a/content/zygote/zygote_main_linux.cc +++ b/content/zygote/zygote_main_linux.cc @@ -338,7 +338,7 @@ static void ZygotePreSandboxInit() { // cached and there's no more need to access the file system. scoped_ptr<icu::TimeZone> zone(icu::TimeZone::createDefault()); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // NSS libraries are loaded before sandbox is activated. This is to allow // successful initialization of NSS which tries to load extra library files. crypto::LoadNSSLibraries(); diff --git a/crypto/encryptor.h b/crypto/encryptor.h index ec1498b..8052a9f 100644 --- a/crypto/encryptor.h +++ b/crypto/encryptor.h @@ -13,7 +13,7 @@ #include "build/build_config.h" #include "crypto/crypto_export.h" -#if defined(USE_NSS) || \ +#if defined(USE_NSS_CERTS) || \ (!defined(USE_OPENSSL) && (defined(OS_WIN) || defined(OS_MACOSX))) #include "crypto/scoped_nss_types.h" #endif @@ -122,7 +122,7 @@ class CRYPTO_EXPORT Encryptor { const base::StringPiece& input, std::string* output); std::string iv_; -#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) +#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) bool Crypt(PK11Context* context, const base::StringPiece& input, std::string* output); diff --git a/crypto/encryptor_unittest.cc b/crypto/encryptor_unittest.cc index 1a99783..79fe2cc 100644 --- a/crypto/encryptor_unittest.cc +++ b/crypto/encryptor_unittest.cc 
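Review bot: The first guard in crypto/encryptor.h reads `defined(USE_NSS_CERTS) || (!defined(USE_OPENSSL) && ...)`, so `crypto/scoped_nss_types.h` is included whenever NSS handles certificates, even if `USE_OPENSSL` is also defined. build_config.h rejects that combination today, but its new TODO announces a BoringSSL-with-NSS-certificates configuration, and there this header would pull NSS types into a class that, judging by the `#elif` in the second hunk, takes a different branch (the preceding `#if` is outside the hunk, so this is inferred). Gating the include on the crypto backend rather than the certificate backend would keep the two guards consistent, for example `#if !defined(USE_OPENSSL)`, provided that matches the platforms that use the PK11Context path. At minimum a comment on the guard should say that it selects the cipher implementation, not certificate handling.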
@@ -92,7 +92,7 @@ TEST(EncryptorTest, DecryptWrongKey) { // determine the padding length without checking every padding byte, // Encryptor::Decrypt() will still return true. This is the case for NSS // (crbug.com/124434). -#if !defined(USE_NSS) && !defined(OS_WIN) && !defined(OS_MACOSX) +#if !defined(USE_NSS_CERTS) && !defined(OS_WIN) && !defined(OS_MACOSX) crypto::Encryptor decryptor; EXPECT_TRUE(decryptor.Init(wrong_key.get(), crypto::Encryptor::CBC, iv)); EXPECT_FALSE(decryptor.Decrypt(ciphertext, &decrypted)); diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc index 5ee7c32..cd7bd44 100644 --- a/crypto/nss_util.cc +++ b/crypto/nss_util.cc @@ -43,14 +43,13 @@ #include "base/threading/worker_pool.h" #include "build/build_config.h" -// USE_NSS means we use NSS for everything crypto-related. If USE_NSS is not -// defined, such as on Mac and Windows, we use NSS for SSL only -- we don't -// use NSS for crypto or certificate verification, and we don't use the NSS -// certificate and key databases. -#if defined(USE_NSS) +// USE_NSS_CERTS means NSS is used for certificates and platform integration. +// This requires additional support to manage the platform certificate and key +// stores. +#if defined(USE_NSS_CERTS) #include "base/synchronization/lock.h" #include "crypto/nss_crypto_module_delegate.h" -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) namespace crypto { @@ -80,7 +79,7 @@ std::string GetNSSErrorMessage() { return result; } -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #if !defined(OS_CHROMEOS) base::FilePath GetDefaultConfigDirectory() { base::FilePath dir; 
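Review bot: The guard around the wrong-key expectation in DecryptWrongKey depends on which library strips the CBC padding, and the comment above it already says Decrypt() can return true for a wrong key on NSS; neither fact is about certificate handling, which is what the renamed macro now names. I would add a line to the existing comment making the consequence explicit: `// A true return from Decrypt() is not an integrity check; callers that need one must verify a MAC.` The test body continues outside the hunk.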
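Review bot: The rewritten header comment in crypto/nss_util.cc no longer says what holds when the macro is undefined, which the removed text did. The `#if !defined(USE_NSS_CERTS)` block further down this file sets `nodb_init = true` with the comment "Use the system certificate store", so one sentence would restore it: `// When it is not defined, NSS is initialized without a database and the system certificate store is used.`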
@@ -142,8 +141,8 @@ char* PKCS11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) { // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's // detection when database_dir is on NFS. See http://crbug.com/48585. // -// TODO(wtc): port this function to other USE_NSS platforms. It is defined -// only for OS_LINUX and OS_OPENBSD simply because the statfs structure +// TODO(wtc): port this function to other USE_NSS_CERTS platforms. It is +// defined only for OS_LINUX and OS_OPENBSD simply because the statfs structure // is OS-specific. // // Because this function sets an environment variable it must be run before we @@ -170,7 +169,7 @@ void UseLocalCacheOfNSSDatabaseIfNFS(const base::FilePath& database_dir) { } } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) // A singleton to initialize/deinitialize NSPR. // Separate from the NSS singleton because we initialize NSPR on the UI thread. @@ -628,11 +627,11 @@ class NSSInitSingleton { } #endif -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) base::Lock* write_lock() { return &write_lock_; } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) // This method is used to force NSS to be initialized without a DB. // Call this method before NSSInitSingleton() is constructed. @@ -676,7 +675,7 @@ class NSSInitSingleton { SECStatus status = SECFailure; bool nodb_init = force_nodb_init_; -#if !defined(USE_NSS) +#if !defined(USE_NSS_CERTS) // Use the system certificate store, so initialize NSS without database. nodb_init = true; #endif @@ -691,7 +690,7 @@ class NSSInitSingleton { root_ = InitDefaultRootCerts(); #endif // defined(OS_IOS) } else { -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) base::FilePath database_dir = GetInitialConfigDirectory(); if (!database_dir.empty()) { // This duplicates the work which should have been done in 
@@ -738,7 +737,7 @@ class NSSInitSingleton { } root_ = InitDefaultRootCerts(); -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) } // Disable MD5 certificate signatures. (They are disabled by default in @@ -783,7 +782,7 @@ class NSSInitSingleton { } } -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) // Load nss's built-in root certs. SECMODModule* InitDefaultRootCerts() { SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", NULL); @@ -856,11 +855,11 @@ class NSSInitSingleton { ChromeOSUserMap chromeos_user_map_; ScopedPK11Slot test_system_slot_; #endif -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 // is fixed, we will no longer need the lock. base::Lock write_lock_; -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) base::ThreadChecker thread_checker_; }; @@ -872,7 +871,7 @@ base::LazyInstance<NSSInitSingleton>::Leaky g_nss_singleton = LAZY_INSTANCE_INITIALIZER; } // namespace -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, const std::string& description) { const std::string modspec = @@ -931,7 +930,7 @@ void DisableNSSForkCheck() { void LoadNSSLibraries() { // Some NSS libraries are linked dynamically so load them here. -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Try to search for multiple directories to load the libraries. std::vector<base::FilePath> paths; @@ -980,14 +979,14 @@ void LoadNSSLibraries() { } else { LOG(ERROR) << "Failed to load NSS libraries."; } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) } bool CheckNSSVersion(const char* version) { return !!NSS_VersionCheck(version); } -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) base::Lock* GetNSSWriteLock() { return g_nss_singleton.Get().write_lock(); } 
@@ -1013,7 +1012,7 @@ AutoSECMODListReadLock::AutoSECMODListReadLock() AutoSECMODListReadLock::~AutoSECMODListReadLock() { SECMOD_ReleaseReadLock(lock_); } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) #if defined(OS_CHROMEOS) ScopedPK11Slot GetSystemNSSKeySlot( diff --git a/crypto/nss_util.h b/crypto/nss_util.h index 56fdfa6..1ca0de3 100644 --- a/crypto/nss_util.h +++ b/crypto/nss_util.h @@ -22,7 +22,7 @@ class Time; // initialization functions. namespace crypto { -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // EarlySetupForNSSInit performs lightweight setup which must occur before the // process goes multithreaded. This does not initialise NSS. For test, see // EnsureNSSInit. @@ -127,7 +127,7 @@ CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64 prtime); // We use a int64 instead of PRTime here to avoid depending on NSPR headers. CRYPTO_EXPORT int64 BaseTimeToPRTime(base::Time time); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // NSS has a bug which can cause a deadlock or stall in some cases when writing // to the certDB and keyDB. It also has a bug which causes concurrent key pair // generations to scribble over each other. To work around this, we synchronize @@ -148,7 +148,7 @@ class CRYPTO_EXPORT AutoNSSWriteLock { base::Lock *lock_; DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); }; -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) } // namespace crypto diff --git a/crypto/rsa_private_key.h b/crypto/rsa_private_key.h index 221e341..78a660e 100644 --- a/crypto/rsa_private_key.h +++ b/crypto/rsa_private_key.h @@ -13,7 +13,7 @@ #include "base/basictypes.h" #include "crypto/crypto_export.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include "base/gtest_prod_util.h" #endif 
@@ -180,7 +180,7 @@ class CRYPTO_EXPORT RSAPrivateKey { static RSAPrivateKey* CreateFromPrivateKeyInfo( const std::vector<uint8>& input); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Create a new random instance in |slot|. Can return NULL if initialization // fails. The created key is permanent and is not exportable in plaintext // form. @@ -241,7 +241,7 @@ class CRYPTO_EXPORT RSAPrivateKey { bool ExportPublicKey(std::vector<uint8>* output) const; private: -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FindFromPublicKey); FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FailedFindFromPublicKey); #endif @@ -254,7 +254,7 @@ class CRYPTO_EXPORT RSAPrivateKey { // Shared helper for Create() and CreateSensitive(). // TODO(cmasone): consider replacing |permanent| and |sensitive| with a // flags arg created by ORing together some enumerated values. - // Note: |permanent| is only supported when USE_NSS is defined. + // Note: |permanent| is only supported when USE_NSS_CERTS is defined. static RSAPrivateKey* CreateWithParams(PK11SlotInfo* slot, uint16 num_bits, bool permanent, @@ -262,7 +262,7 @@ class CRYPTO_EXPORT RSAPrivateKey { // Shared helper for CreateFromPrivateKeyInfo() and // CreateSensitiveFromPrivateKeyInfo(). - // Note: |permanent| is only supported when USE_NSS is defined. + // Note: |permanent| is only supported when USE_NSS_CERTS is defined. static RSAPrivateKey* CreateFromPrivateKeyInfoWithParams( PK11SlotInfo* slot, const std::vector<uint8>& input, @@ -270,7 +270,7 @@ class CRYPTO_EXPORT RSAPrivateKey { bool sensitive); #endif -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Import an existing public key. The format of the public key blob // is an X509 SubjectPublicKeyInfo block. This can return NULL if // initialization fails. The caller takes ownership of the returned diff --git a/crypto/rsa_private_key_nss.cc b/crypto/rsa_private_key_nss.cc index c51e308..45b2be7 100644 
--- a/crypto/rsa_private_key_nss.cc +++ b/crypto/rsa_private_key_nss.cc @@ -38,7 +38,7 @@ static bool ReadAttribute(SECKEYPrivateKey* key, return true; } -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) struct PublicKeyInfoDeleter { inline void operator()(CERTSubjectPublicKeyInfo* spki) { SECKEY_DestroySubjectPublicKeyInfo(spki); @@ -67,7 +67,7 @@ crypto::ScopedSECKEYPublicKey GetRSAPublicKey(const std::vector<uint8>& input) { return crypto::ScopedSECKEYPublicKey(); return result.Pass(); } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) } // namespace @@ -104,7 +104,7 @@ RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( false /* not sensitive */); } -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // static RSAPrivateKey* RSAPrivateKey::CreateSensitive(PK11SlotInfo* slot, uint16 num_bits) { @@ -313,7 +313,7 @@ RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams( return result.release(); } -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // static RSAPrivateKey* RSAPrivateKey::InitPublicPart(const std::vector<uint8>& input) { EnsureNSSInit(); @@ -327,6 +327,6 @@ RSAPrivateKey* RSAPrivateKey::InitPublicPart(const std::vector<uint8>& input) { return result.release(); } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) } // namespace crypto diff --git a/crypto/rsa_private_key_unittest.cc b/crypto/rsa_private_key_unittest.cc index cbc3799..ee5b121 100644 --- a/crypto/rsa_private_key_unittest.cc +++ b/crypto/rsa_private_key_unittest.cc 
@@ -445,9 +445,9 @@ TEST(RSAPrivateKeyUnitTest, ShortIntegers) { input2.size())); } -// The following test can run if either USE_NSS or USE_OPENSSL is defined, but -// not otherwise (since it uses crypto::RSAPrivateKey::CreateFromKey). -#if defined(USE_NSS) || defined(USE_OPENSSL) +// The following test can run if either USE_NSS_CERTS or USE_OPENSSL is defined, +// but not otherwise (since it uses crypto::RSAPrivateKey::CreateFromKey). +#if defined(USE_NSS_CERTS) || defined(USE_OPENSSL) TEST(RSAPrivateKeyUnitTest, CreateFromKeyTest) { scoped_ptr<crypto::RSAPrivateKey> key_pair( crypto::RSAPrivateKey::Create(256)); diff --git a/crypto/signature_creator.h b/crypto/signature_creator.h index c221e7b..ab9d2c1 100644 --- a/crypto/signature_creator.h +++ b/crypto/signature_creator.h @@ -14,7 +14,7 @@ #if defined(USE_OPENSSL) // Forward declaration for openssl/*.h typedef struct env_md_ctx_st EVP_MD_CTX; -#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) +#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) // Forward declaration. struct SGNContextStr; #endif @@ -61,7 +61,7 @@ class CRYPTO_EXPORT SignatureCreator { #if defined(USE_OPENSSL) EVP_MD_CTX* sign_context_; -#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) +#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) SGNContextStr* sign_context_; #endif diff --git a/crypto/symmetric_key.h b/crypto/symmetric_key.h index ab105c1..996c592 100644 --- a/crypto/symmetric_key.h +++ b/crypto/symmetric_key.h @@ -14,7 +14,7 @@ // See comments for crypto_nacl_win64 in crypto.gyp. // Must test for NACL_WIN64 before OS_WIN since former is a subset of latter. #include "crypto/scoped_capi_types.h" -#elif defined(USE_NSS) || \ +#elif defined(USE_NSS_CERTS) || \ (!defined(USE_OPENSSL) && (defined(OS_WIN) || defined(OS_MACOSX))) #include "crypto/scoped_nss_types.h" #endif 
@@ -61,7 +61,7 @@ class CRYPTO_EXPORT SymmetricKey { HCRYPTKEY key() const { return key_.get(); } #elif defined(USE_OPENSSL) const std::string& key() { return key_; } -#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) +#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) PK11SymKey* key() const { return key_.get(); } #endif @@ -88,7 +88,7 @@ class CRYPTO_EXPORT SymmetricKey { #elif defined(USE_OPENSSL) SymmetricKey() {} std::string key_; -#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) +#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) explicit SymmetricKey(PK11SymKey* key); ScopedPK11SymKey key_; #endif diff --git a/net/BUILD.gn b/net/BUILD.gn index 4a0e7d9..b425371 100644 --- a/net/BUILD.gn +++ b/net/BUILD.gn @@ -461,7 +461,7 @@ component("net") { if (is_ios) { # Add back some sources that were otherwise filtered out. iOS additionally - # doesn't set USE_NSS but needs some of the files. + # doesn't set USE_NSS_CERTS but needs some of the files. set_sources_assignment_filter([]) sources += [ "base/net_util_mac.cc", diff --git a/net/base/crypto_module.h b/net/base/crypto_module.h index be876ef..164df3c 100644 --- a/net/base/crypto_module.h +++ b/net/base/crypto_module.h @@ -11,7 +11,7 @@ #include "base/memory/ref_counted.h" #include "net/base/net_export.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) typedef struct PK11SlotInfoStr PK11SlotInfo; #endif @@ -24,7 +24,7 @@ typedef std::vector<scoped_refptr<CryptoModule> > CryptoModuleList; class NET_EXPORT CryptoModule : public base::RefCountedThreadSafe<CryptoModule> { public: -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) typedef PK11SlotInfo* OSModuleHandle; #else typedef void* OSModuleHandle; diff --git a/net/base/keygen_handler.cc b/net/base/keygen_handler.cc index 88013bc..d1e91a4 100644 --- a/net/base/keygen_handler.cc +++ b/net/base/keygen_handler.cc 
@@ -4,9 +4,9 @@ #include "net/base/keygen_handler.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include "crypto/nss_crypto_module_delegate.h" -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) namespace net { diff --git a/net/base/keygen_handler.h b/net/base/keygen_handler.h index 8262775..9cccee8 100644 --- a/net/base/keygen_handler.h +++ b/net/base/keygen_handler.h @@ -41,24 +41,24 @@ class NET_EXPORT KeygenHandler { // Exposed only for unit tests. void set_stores_key(bool store) { stores_key_ = store;} -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Register the delegate to be used to get the token to store the key in, and // to get the password if the token is unauthenticated. // GenKeyAndSignChallenge runs on a worker thread, so using a blocking // password callback is okay here. void set_crypto_module_delegate( scoped_ptr<crypto::NSSCryptoModuleDelegate> delegate); -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) private: int key_size_in_bits_; // key size in bits (usually 2048) std::string challenge_; // challenge string sent by server GURL url_; // the URL that requested the key bool stores_key_; // should the generated key-pair be stored persistently? -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // The callback for requesting a password to the PKCS#11 token. scoped_ptr<crypto::NSSCryptoModuleDelegate> crypto_module_delegate_; -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) }; } // namespace net diff --git a/net/base/keygen_handler_unittest.cc b/net/base/keygen_handler_unittest.cc index 2357328..74d9146 100644 --- a/net/base/keygen_handler_unittest.cc +++ b/net/base/keygen_handler_unittest.cc @@ -16,7 +16,7 @@ #include "build/build_config.h" #include "testing/gtest/include/gtest/gtest.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include <private/pprthred.h> // PR_DetachThread #include "crypto/nss_crypto_module_delegate.h" #include "crypto/scoped_test_nss_db.h" 
@@ -26,7 +26,7 @@ namespace net { namespace { -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) class StubCryptoModuleDelegate : public crypto::NSSCryptoModuleDelegate { public: explicit StubCryptoModuleDelegate(crypto::ScopedPK11Slot slot) @@ -55,7 +55,7 @@ class KeygenHandlerTest : public ::testing::Test { scoped_ptr<KeygenHandler> CreateKeygenHandler() { scoped_ptr<KeygenHandler> handler(new KeygenHandler( 768, "some challenge", GURL("http://www.example.com"))); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) handler->set_crypto_module_delegate( scoped_ptr<crypto::NSSCryptoModuleDelegate>( new StubCryptoModuleDelegate(crypto::ScopedPK11Slot( @@ -65,7 +65,7 @@ class KeygenHandlerTest : public ::testing::Test { } private: -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) crypto::ScopedTestNSSDB test_nss_db_; #endif }; @@ -124,7 +124,7 @@ void ConcurrencyTestCallback(const std::string& challenge, handler->set_stores_key(false); // Don't leave the key-pair behind. *result = handler->GenKeyAndSignChallenge(); event->Signal(); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Detach the thread from NSPR. // Calling NSS functions attaches the thread to NSPR, which stores // the NSPR thread ID in thread-specific data. diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc index d1fef99..1e3fc89 100644 --- a/net/cert/cert_verify_proc.cc +++ b/net/cert/cert_verify_proc.cc @@ -23,7 +23,7 @@ #include "net/cert/x509_certificate.h" #include "url/url_canon.h" -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #include "net/cert/cert_verify_proc_nss.h" #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) #include "net/cert/cert_verify_proc_openssl.h" 
@@ -169,7 +169,7 @@ bool ExaminePublicKeys(const scoped_refptr<X509Certificate>& cert, // static CertVerifyProc* CertVerifyProc::CreateDefault() { -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) return new CertVerifyProcNSS(); #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) return new CertVerifyProcOpenSSL(); diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc index ed6f028..1d4ac9b 100644 --- a/net/cert/cert_verify_proc_unittest.cc +++ b/net/cert/cert_verify_proc_unittest.cc @@ -212,7 +212,7 @@ TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { NULL, empty_cert_list_, &verify_result); -#if defined(USE_NSS) || defined(OS_IOS) || defined(OS_ANDROID) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_ANDROID) EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); #else // TOOD(bulach): investigate why macosx and win aren't returning @@ -222,7 +222,7 @@ TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { // Either the system crypto library should correctly report a certificate // name mismatch, or our certificate blacklist should cause us to report an // invalid certificate. -#if defined(USE_NSS) || defined(OS_WIN) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_IOS) EXPECT_TRUE(verify_result.cert_status & (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); #endif @@ -754,7 +754,7 @@ TEST_F(CertVerifyProcTest, InvalidKeyUsage) { #endif // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors // from NSS. -#if !defined(USE_NSS) && !defined(OS_IOS) && !defined(OS_ANDROID) +#if !defined(USE_NSS_CERTS) && !defined(OS_IOS) && !defined(OS_ANDROID) // The certificate is issued by an unknown CA. EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); #endif 
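Review bot: CertVerifyProc::CreateDefault() now chooses the verifier on `USE_NSS_CERTS`, so a target that still defines only the old `USE_NSS` would compile without this branch and fall through to whatever follows. Since this decides which certificate verifier the process uses, I would make that misconfiguration a build failure while the alias exists: `#if defined(USE_NSS) && !defined(USE_NSS_CERTS)` / `#error USE_NSS defined without USE_NSS_CERTS` / `#endif`. The remaining branches of the function are outside the hunk, so which verifier such a build would end up with is not visible here.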
@@ -1166,7 +1166,8 @@ TEST_F(CertVerifyProcTest, CybertrustGTERoot) { } #endif -#if defined(USE_NSS) || defined(OS_IOS) || defined(OS_WIN) || defined(OS_MACOSX) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_WIN) || \ + defined(OS_MACOSX) // Test that CRLSets are effective in making a certificate appear to be // revoked. TEST_F(CertVerifyProcTest, CRLSet) { @@ -1420,7 +1421,7 @@ const WeakDigestTestData kVerifyIntermediateCATestData[] = { "weak_digest_sha1_ee.pem", EXPECT_MD2 | EXPECT_SHA1 }, }; // Disabled on NSS - MD4 is not supported, and MD2 and MD5 are disabled. -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #define MAYBE_VerifyIntermediate DISABLED_VerifyIntermediate #else #define MAYBE_VerifyIntermediate VerifyIntermediate @@ -1445,7 +1446,7 @@ const WeakDigestTestData kVerifyEndEntityTestData[] = { // Disabled on NSS - NSS caches chains/signatures in such a way that cannot // be cleared until NSS is cleanly shutdown, which is not presently supported // in Chromium. -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity #else #define MAYBE_VerifyEndEntity VerifyEndEntity @@ -1468,7 +1469,7 @@ const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { }; // Disabled on NSS - libpkix does not return constructed chains on error, // preventing us from detecting/inspecting the verified chain. -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #define MAYBE_VerifyIncompleteIntermediate \ DISABLED_VerifyIncompleteIntermediate #else 
@@ -1493,7 +1494,7 @@ const WeakDigestTestData kVerifyIncompleteEETestData[] = { }; // Disabled on NSS - libpkix does not return constructed chains on error, // preventing us from detecting/inspecting the verified chain. -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity #else #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity @@ -1518,7 +1519,7 @@ const WeakDigestTestData kVerifyMixedTestData[] = { }; // NSS does not support MD4 and does not enable MD2 by default, making all // permutations invalid. -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #define MAYBE_VerifyMixed DISABLED_VerifyMixed #else #define MAYBE_VerifyMixed VerifyMixed diff --git a/net/cert/ct_objects_extractor_nss.cc b/net/cert/ct_objects_extractor_nss.cc index c29b34c..b4c1da3 100644 --- a/net/cert/ct_objects_extractor_nss.cc +++ b/net/cert/ct_objects_extractor_nss.cc @@ -41,7 +41,7 @@ struct NSSCertWrapper { }; NSSCertWrapper::NSSCertWrapper(X509Certificate::OSCertHandle cert_handle) { -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) cert.reset(CERT_DupCertificate(cert_handle)); #else SECItem der_cert; diff --git a/net/cert/ev_root_ca_metadata.cc b/net/cert/ev_root_ca_metadata.cc index b0c8320..8dd55f4 100644 --- a/net/cert/ev_root_ca_metadata.cc +++ b/net/cert/ev_root_ca_metadata.cc @@ -4,7 +4,7 @@ #include "net/cert/ev_root_ca_metadata.h" -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #include <cert.h> #include <pkcs11n.h> #include <secerr.h> 
@@ -15,13 +15,13 @@ #include "base/lazy_instance.h" #include "base/logging.h" -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #include "crypto/nss_util.h" #endif namespace net { -#if defined(USE_NSS) || defined(OS_IOS) || defined(OS_WIN) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_WIN) // Raw metadata. struct EVMetadata { // kMaxOIDsPerCA is the number of OIDs that we can support per root CA. At @@ -498,7 +498,7 @@ static const EVMetadata ev_root_ca_metadata[] = { } }; -#endif // defined(USE_NSS) || defined(OS_IOS) || defined(OS_WIN) +#endif // defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_WIN) static base::LazyInstance<EVRootCAMetadata>::Leaky g_ev_root_ca_metadata = LAZY_INSTANCE_INITIALIZER; @@ -508,7 +508,7 @@ EVRootCAMetadata* EVRootCAMetadata::GetInstance() { return g_ev_root_ca_metadata.Pointer(); } -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const { return policy_oids_.find(policy_oid) != policy_oids_.end(); } @@ -654,7 +654,7 @@ bool EVRootCAMetadata::RemoveEVCA(const SHA1HashValue& fingerprint) { EVRootCAMetadata::EVRootCAMetadata() { // Constructs the object from the raw metadata in ev_root_ca_metadata. -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) crypto::EnsureNSSInit(); for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) { diff --git a/net/cert/ev_root_ca_metadata.h b/net/cert/ev_root_ca_metadata.h index aad7848..10227a2 100644 --- a/net/cert/ev_root_ca_metadata.h +++ b/net/cert/ev_root_ca_metadata.h @@ -7,7 +7,7 @@ #include "build/build_config.h" -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #include <secoidt.h> #endif 
@@ -30,7 +30,7 @@ namespace net { // extended-validation (EV) certificates. class NET_EXPORT_PRIVATE EVRootCAMetadata { public: -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) typedef SECOidTag PolicyOID; #elif defined(OS_WIN) typedef const char* PolicyOID; @@ -38,7 +38,7 @@ class NET_EXPORT_PRIVATE EVRootCAMetadata { static EVRootCAMetadata* GetInstance(); -#if defined(USE_NSS) || defined(OS_WIN) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_IOS) // Returns true if policy_oid is an EV policy OID of some root CA. bool IsEVPolicyOID(PolicyOID policy_oid) const; @@ -63,7 +63,7 @@ class NET_EXPORT_PRIVATE EVRootCAMetadata { EVRootCAMetadata(); ~EVRootCAMetadata(); -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) typedef std::map<SHA1HashValue, std::vector<PolicyOID>, SHA1HashValueLessThan> PolicyOIDMap; diff --git a/net/cert/ev_root_ca_metadata_unittest.cc b/net/cert/ev_root_ca_metadata_unittest.cc index e26603c..39699e26 100644 --- a/net/cert/ev_root_ca_metadata_unittest.cc +++ b/net/cert/ev_root_ca_metadata_unittest.cc @@ -8,7 +8,7 @@ #include "net/test/cert_test_util.h" #include "testing/gtest/include/gtest/gtest.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include "crypto/scoped_nss_types.h" #endif @@ -16,7 +16,7 @@ namespace net { namespace { -#if defined(USE_NSS) || defined(OS_WIN) +#if defined(USE_NSS_CERTS) || defined(OS_WIN) const char kVerisignPolicy[] = "2.16.840.1.113733.1.7.23.6"; const char kThawtePolicy[] = "2.16.840.1.113733.1.7.48.1"; const char kFakePolicy[] = "2.16.840.1.42"; @@ -37,9 +37,9 @@ class EVOidData { EVRootCAMetadata::PolicyOID fake_policy; }; -#endif // defined(USE_NSS) || defined(OS_WIN) +#endif // defined(USE_NSS_CERTS) || defined(OS_WIN) -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) SECOidTag RegisterOID(PLArenaPool* arena, const char* oid_string) { SECOidData oid_data; 
@@ -90,7 +90,7 @@ bool EVOidData::Init() { #endif -#if defined(USE_NSS) || defined(OS_WIN) +#if defined(USE_NSS_CERTS) || defined(OS_WIN) class EVRootCAMetadataTest : public testing::Test { protected: @@ -135,7 +135,7 @@ TEST_F(EVRootCAMetadataTest, AddRemove) { ev_oid_data.fake_policy)); } -#endif // defined(USE_NSS) || defined(OS_WIN) +#endif // defined(USE_NSS_CERTS) || defined(OS_WIN) } // namespace diff --git a/net/cert/multi_threaded_cert_verifier.cc b/net/cert/multi_threaded_cert_verifier.cc index e543d76..9e78abb 100644 --- a/net/cert/multi_threaded_cert_verifier.cc +++ b/net/cert/multi_threaded_cert_verifier.cc @@ -26,7 +26,7 @@ #include "net/cert/x509_certificate_net_log_param.h" #include "net/log/net_log.h" -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #include <private/pprthred.h> // PR_DetachThread #endif @@ -263,7 +263,7 @@ class CertVerifierWorker { crl_set_.get(), additional_trust_anchors_, &verify_result_); -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) // Detach the thread from NSPR. // Calling NSS functions attaches the thread to NSPR, which stores // the NSPR thread ID in thread-specific data. diff --git a/net/cert/test_root_certs.h b/net/cert/test_root_certs.h index 9d2cc2a..32eb999 100644 --- a/net/cert/test_root_certs.h +++ b/net/cert/test_root_certs.h @@ -10,7 +10,7 @@ #include "build/build_config.h" #include "net/base/net_export.h" -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #include <list> #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) #include <vector> @@ -23,7 +23,7 @@ #include "base/mac/scoped_cftyperef.h" #endif -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) typedef struct CERTCertificateStr CERTCertificate; #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) typedef struct x509_st X509; 
@@ -64,7 +64,7 @@ class NET_EXPORT TestRootCerts { // Returns true if there are no certificates that have been marked trusted. bool IsEmpty() const; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) bool Contains(CERTCertificate* cert) const; #elif defined(OS_MACOSX) && !defined(OS_IOS) CFArrayRef temporary_roots() const { return temporary_roots_; } @@ -101,7 +101,7 @@ class NET_EXPORT TestRootCerts { // Performs platform-dependent initialization. void Init(); -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) // It is necessary to maintain a cache of the original certificate trust // settings, in order to restore them when Clear() is called. class TrustEntry; diff --git a/net/cert/test_root_certs_nss.cc b/net/cert/test_root_certs_nss.cc index 3c27145..f7d855c 100644 --- a/net/cert/test_root_certs_nss.cc +++ b/net/cert/test_root_certs_nss.cc @@ -114,7 +114,7 @@ bool TestRootCerts::IsEmpty() const { return trust_cache_.empty(); } -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) bool TestRootCerts::Contains(CERTCertificate* cert) const { for (std::list<TrustEntry*>::const_iterator it = trust_cache_.begin(); it != trust_cache_.end(); ++it) { diff --git a/net/cert/test_root_certs_unittest.cc b/net/cert/test_root_certs_unittest.cc index a2cf695..1bbb8fc 100644 --- a/net/cert/test_root_certs_unittest.cc +++ b/net/cert/test_root_certs_unittest.cc @@ -14,7 +14,7 @@ #include "net/test/cert_test_util.h" #include "testing/gtest/include/gtest/gtest.h" -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #include <nss.h> #endif 
@@ -68,7 +68,7 @@ TEST(TestRootCertsTest, AddFromFile) { // the results of the rest of net_unittests, ensuring that the trust status // is properly being set and cleared. TEST(TestRootCertsTest, OverrideTrust) { -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) if (NSS_VersionCheck("3.14.2") && !NSS_VersionCheck("3.15")) { // See http://bugzil.la/863947 for details LOG(INFO) << "Skipping test for NSS 3.14.2 - NSS 3.15"; @@ -135,7 +135,8 @@ TEST(TestRootCertsTest, OverrideTrust) { EXPECT_EQ(bad_verify_result.cert_status, restored_verify_result.cert_status); } -#if defined(USE_NSS) || (defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)) +#if defined(USE_NSS_CERTS) || \ + (defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)) TEST(TestRootCertsTest, Contains) { // Another test root certificate. const char kRootCertificateFile2[] = "2048-rsa-root.pem"; diff --git a/net/cert/x509_certificate.cc b/net/cert/x509_certificate.cc index a612fb0..2b0a10a 100644 --- a/net/cert/x509_certificate.cc +++ b/net/cert/x509_certificate.cc @@ -46,7 +46,7 @@ const char kCertificateHeader[] = "CERTIFICATE"; // The PEM block header used for PKCS#7 data const char kPKCS7Header[] = "PKCS7"; -#if !defined(USE_NSS) +#if !defined(USE_NSS_CERTS) // A thread-safe cache for OS certificate handles. // // Within each of the supported underlying crypto libraries, a certificate 
@@ -187,19 +187,19 @@ void X509CertificateCache::Remove(X509Certificate::OSCertHandle cert_handle) { cache_.erase(pos); } } -#endif // !defined(USE_NSS) +#endif // !defined(USE_NSS_CERTS) // See X509CertificateCache::InsertOrUpdate. NSS has a built-in cache, so there // is no point in wrapping another cache around it. void InsertOrUpdateCache(X509Certificate::OSCertHandle* cert_handle) { -#if !defined(USE_NSS) +#if !defined(USE_NSS_CERTS) g_x509_certificate_cache.Pointer()->InsertOrUpdate(cert_handle); #endif } // See X509CertificateCache::Remove. void RemoveFromCache(X509Certificate::OSCertHandle cert_handle) { -#if !defined(USE_NSS) +#if !defined(USE_NSS_CERTS) g_x509_certificate_cache.Pointer()->Remove(cert_handle); #endif } diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h index 6c0f0e9..11ac0bb 100644 --- a/net/cert/x509_certificate.h +++ b/net/cert/x509_certificate.h @@ -28,7 +28,7 @@ // Forward declaration; real one in <x509.h> typedef struct x509_st X509; typedef struct x509_store_st X509_STORE; -#elif defined(USE_NSS) +#elif defined(USE_NSS_CERTS) // Forward declaration; real one in <cert.h> struct CERTCertificateStr; #endif @@ -59,7 +59,7 @@ class NET_EXPORT X509Certificate typedef SecCertificateRef OSCertHandle; #elif defined(USE_OPENSSL_CERTS) typedef X509* OSCertHandle; -#elif defined(USE_NSS) +#elif defined(USE_NSS_CERTS) typedef struct CERTCertificateStr* OSCertHandle; #else // TODO(ericroman): not implemented @@ -155,7 +155,7 @@ class NET_EXPORT X509Certificate // The returned pointer must be stored in a scoped_refptr<X509Certificate>. static X509Certificate* CreateFromBytes(const char* data, int length); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Create an X509Certificate from the DER-encoded representation. // |nickname| can be NULL if an auto-generated nickname is desired. // Returns NULL on failure. The returned pointer must be stored in a 
@@ -362,7 +362,7 @@ class NET_EXPORT X509Certificate static OSCertHandle CreateOSCertHandleFromBytes(const char* data, int length); -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Creates an OS certificate handle from the DER-encoded representation. // Returns NULL on failure. Sets the default nickname if |nickname| is // non-NULL. @@ -508,7 +508,7 @@ class NET_EXPORT X509Certificate // that may be needed for chain building. OSCertHandles intermediate_ca_certs_; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // This stores any default nickname that has been set on the certificate // at creation time with CreateFromBytesWithNickname. // If this is empty, then GetDefaultNickname will return a generated name diff --git a/net/cert/x509_certificate_unittest.cc b/net/cert/x509_certificate_unittest.cc index 74ded45..2ff572d4 100644 --- a/net/cert/x509_certificate_unittest.cc +++ b/net/cert/x509_certificate_unittest.cc @@ -20,7 +20,7 @@ #include "net/test/test_certificate_data.h" #include "testing/gtest/include/gtest/gtest.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include <cert.h> #endif @@ -796,7 +796,7 @@ TEST(X509CertificateTest, FreeNullHandle) { X509Certificate::FreeOSCertHandle(NULL); } -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) TEST(X509CertificateTest, GetDefaultNickname) { base::FilePath certs_dir = GetTestCertsDirectory(); diff --git a/net/cert/x509_util_nss.cc b/net/cert/x509_util_nss.cc index b138bd4..9711ef6 100644 --- a/net/cert/x509_util_nss.cc +++ b/net/cert/x509_util_nss.cc @@ -194,7 +194,7 @@ bool SignCertificate( return true; } -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) // Callback for CERT_DecodeCertPackage(), used in // CreateOSCertHandlesFromBytes(). SECStatus PR_CALLBACK CollectCertsCallback(void* arg, 
@@ -244,7 +244,7 @@ CERTName* CreateCertNameFromEncoded(PLArenaPool* arena, return name.release(); } -#endif // defined(USE_NSS) || defined(OS_IOS) +#endif // defined(USE_NSS_CERTS) || defined(OS_IOS) } // namespace @@ -368,7 +368,7 @@ bool CreateChannelIDEC(crypto::ECPrivateKey* key, return true; } -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) void ParsePrincipal(CERTName* name, CertPrincipal* principal) { // Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument. #if NSS_VMINOR >= 15 @@ -631,7 +631,7 @@ std::string GetUniqueNicknameForSlot(const std::string& nickname, return new_name; } -#endif // defined(USE_NSS) || defined(OS_IOS) +#endif // defined(USE_NSS_CERTS) || defined(OS_IOS) } // namespace x509_util diff --git a/net/cert/x509_util_nss.h b/net/cert/x509_util_nss.h index 877dc48..430a16f 100644 --- a/net/cert/x509_util_nss.h +++ b/net/cert/x509_util_nss.h @@ -24,7 +24,7 @@ namespace net { namespace x509_util { -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) // Parses the Principal attribute from |name| and outputs the result in // |principal|. void ParsePrincipal(CERTName* name, @@ -90,7 +90,7 @@ bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain, std::string GetUniqueNicknameForSlot(const std::string& nickname, const SECItem* subject, PK11SlotInfo* slot); -#endif // defined(USE_NSS) || defined(OS_IOS) +#endif // defined(USE_NSS_CERTS) || defined(OS_IOS) } // namespace x509_util diff --git a/net/http/des.cc b/net/http/des.cc index daac8a4..17aae4d 100644 --- a/net/http/des.cc +++ b/net/http/des.cc @@ -9,7 +9,7 @@ #if defined(USE_OPENSSL) #include <openssl/des.h> #include "crypto/openssl_util.h" -#elif defined(USE_NSS) +#elif defined(USE_NSS_CERTS) #include <nss.h> #include <pk11pub.h> #include "crypto/nss_util.h" 
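Review bot: In net/http/des.cc the `#elif defined(USE_NSS_CERTS)` branch picks the DES implementation (the `<nss.h>`/`<pk11pub.h>` includes here and the `DESEncrypt` body in the following hunk) using a macro whose name is about certificate handling. Because `USE_OPENSSL` is tested first, a build that defines both still takes the OpenSSL path, so this is a readability point rather than a behaviour change. I would add a comment above the branch such as `// Selects the NSS crypto implementation, not certificate handling; USE_NSS_CERTS is a stand-in. See https://crbug.com/462040.` The same applies to the two `#elif defined(USE_NSS_CERTS) || defined(OS_MACOSX) || defined(OS_WIN)` lines in net/socket/client_socket_factory.cc, which choose the TLS socket class. The conditional chains continue outside these hunks, so any later branches are not visible here.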
@@ -100,7 +100,7 @@ void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) { reinterpret_cast<DES_cblock*>(hash), &ks, DES_ENCRYPT); } -#elif defined(USE_NSS) +#elif defined(USE_NSS_CERTS) void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) { CK_MECHANISM_TYPE cipher_mech = CKM_DES_ECB; diff --git a/net/net_common.gypi b/net/net_common.gypi index 125e22f..4bb8235 100644 --- a/net/net_common.gypi +++ b/net/net_common.gypi @@ -410,8 +410,9 @@ ['include', '^base/network_config_watcher_mac\\.cc$'], ['include', '^base/platform_mime_util_mac\\.mm$'], # The iOS implementation only partially uses NSS and thus does not - # defines |use_nss_certs|. In particular the |USE_NSS| preprocessor - # definition is not used. The following files are needed though: + # defines |use_nss_certs|. In particular the |USE_NSS_CERTS| + # preprocessor definition is not used. The following files are needed + # though: ['include', '^cert/cert_verify_proc_nss\\.cc$'], ['include', '^cert/cert_verify_proc_nss\\.h$'], ['include', '^cert/test_root_certs_nss\\.cc$'], diff --git a/net/quic/crypto/aead_base_decrypter.h b/net/quic/crypto/aead_base_decrypter.h index 4e74756..de9e996 100644 --- a/net/quic/crypto/aead_base_decrypter.h +++ b/net/quic/crypto/aead_base_decrypter.h @@ -63,9 +63,9 @@ class NET_EXPORT_PRIVATE AeadBaseDecrypter : public QuicDecrypter { unsigned int len; union { CK_GCM_PARAMS gcm_params; -#if !defined(USE_NSS) - // USE_NSS means we are using system NSS rather than our copy of NSS. - // The system NSS <pkcs11n.h> header doesn't define this type yet. +#if !defined(USE_NSS_CERTS) + // USE_NSS_CERTS implies we are using system NSS rather than our copy of + // NSS. The system NSS <pkcs11n.h> header doesn't define this type yet. CK_NSS_AEAD_PARAMS nss_aead_params; #endif } data; diff --git a/net/quic/crypto/aead_base_encrypter.h b/net/quic/crypto/aead_base_encrypter.h index 8108744..86db32c 100644 --- a/net/quic/crypto/aead_base_encrypter.h 
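Review bot: The union member `CK_NSS_AEAD_PARAMS nss_aead_params` in aead_base_decrypter.h is compiled out on `USE_NSS_CERTS`, and the rewritten comment relies on that macro implying system NSS, which nothing visible in this change enforces. The same proxy is used in aead_base_encrypter.h, in both aes_128_gcm_12_*_nss.cc files (where it decides between referencing `PK11_Decrypt`/`PK11_Encrypt` directly and the `<dlfcn.h>` path), in both chacha20_poly1305_*_nss.cc files, and for the `<dlfcn.h>` include in ssl_client_socket_nss.cc. If a configuration ever defines `USE_NSS_CERTS` while linking the bundled NSS, these sites would presumably drop the AEAD parameters and fall into the `NOTIMPLEMENTED()` ChaCha20-Poly1305 stubs without a build error. I would state the assumption where it is first used, e.g. `// Assumes USE_NSS_CERTS builds link system NSS; revisit with https://crbug.com/462040.` The enclosing struct begins outside the hunk.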
+++ b/net/quic/crypto/aead_base_encrypter.h @@ -71,9 +71,9 @@ class NET_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter { unsigned int len; union { CK_GCM_PARAMS gcm_params; -#if !defined(USE_NSS) - // USE_NSS means we are using system NSS rather than our copy of NSS. - // The system NSS <pkcs11n.h> header doesn't define this type yet. +#if !defined(USE_NSS_CERTS) + // USE_NSS_CERTS implies we are using system NSS rather than our copy of + // NSS. The system NSS <pkcs11n.h> header doesn't define this type yet. CK_NSS_AEAD_PARAMS nss_aead_params; #endif } data; diff --git a/net/quic/crypto/aes_128_gcm_12_decrypter_nss.cc b/net/quic/crypto/aes_128_gcm_12_decrypter_nss.cc index 2378d3a..f6c3d6d 100644 --- a/net/quic/crypto/aes_128_gcm_12_decrypter_nss.cc +++ b/net/quic/crypto/aes_128_gcm_12_decrypter_nss.cc @@ -11,7 +11,7 @@ #include "crypto/ghash.h" #include "crypto/scoped_nss_types.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include <dlfcn.h> #endif @@ -40,7 +40,7 @@ class GcmSupportChecker { friend struct base::DefaultLazyInstanceTraits<GcmSupportChecker>; GcmSupportChecker() { -#if !defined(USE_NSS) +#if !defined(USE_NSS_CERTS) // Using a bundled version of NSS that is guaranteed to have this symbol. pk11_decrypt_func_ = PK11_Decrypt; #else diff --git a/net/quic/crypto/aes_128_gcm_12_encrypter_nss.cc b/net/quic/crypto/aes_128_gcm_12_encrypter_nss.cc index 5ca33bf..6ad96f4 100644 --- a/net/quic/crypto/aes_128_gcm_12_encrypter_nss.cc +++ b/net/quic/crypto/aes_128_gcm_12_encrypter_nss.cc @@ -11,7 +11,7 @@ #include "crypto/ghash.h" #include "crypto/scoped_nss_types.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include <dlfcn.h> #endif @@ -40,7 +40,7 @@ class GcmSupportChecker { friend struct base::DefaultLazyInstanceTraits<GcmSupportChecker>; GcmSupportChecker() { -#if !defined(USE_NSS) +#if !defined(USE_NSS_CERTS) // Using a bundled version of NSS that is guaranteed to have this symbol. pk11_encrypt_func_ = PK11_Encrypt; #else 
diff --git a/net/quic/crypto/chacha20_poly1305_decrypter_nss.cc b/net/quic/crypto/chacha20_poly1305_decrypter_nss.cc index b78db05..c0b906b 100644 --- a/net/quic/crypto/chacha20_poly1305_decrypter_nss.cc +++ b/net/quic/crypto/chacha20_poly1305_decrypter_nss.cc @@ -19,7 +19,7 @@ const size_t kNoncePrefixSize = 0; } // namespace -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // System NSS doesn't support ChaCha20+Poly1305 yet. @@ -44,7 +44,7 @@ void ChaCha20Poly1305Decrypter::FillAeadParams( NOTIMPLEMENTED(); } -#else // defined(USE_NSS) +#else // defined(USE_NSS_CERTS) ChaCha20Poly1305Decrypter::ChaCha20Poly1305Decrypter() : AeadBaseDecrypter(CKM_NSS_CHACHA20_POLY1305, PK11_Decrypt, kKeySize, @@ -77,6 +77,6 @@ void ChaCha20Poly1305Decrypter::FillAeadParams( nss_aead_params->ulTagLen = auth_tag_size; } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) } // namespace net diff --git a/net/quic/crypto/chacha20_poly1305_encrypter_nss.cc b/net/quic/crypto/chacha20_poly1305_encrypter_nss.cc index 770088c..2c51da8 100644 --- a/net/quic/crypto/chacha20_poly1305_encrypter_nss.cc +++ b/net/quic/crypto/chacha20_poly1305_encrypter_nss.cc @@ -19,7 +19,7 @@ const size_t kNoncePrefixSize = 0; } // namespace -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // System NSS doesn't support ChaCha20+Poly1305 yet. @@ -43,7 +43,7 @@ void ChaCha20Poly1305Encrypter::FillAeadParams(StringPiece nonce, NOTIMPLEMENTED(); } -#else // defined(USE_NSS) +#else // defined(USE_NSS_CERTS) ChaCha20Poly1305Encrypter::ChaCha20Poly1305Encrypter() : AeadBaseEncrypter(CKM_NSS_CHACHA20_POLY1305, PK11_Encrypt, kKeySize, @@ -75,6 +75,6 @@ void ChaCha20Poly1305Encrypter::FillAeadParams(StringPiece nonce, nss_aead_params->ulTagLen = auth_tag_size; } -#endif // defined(USE_NSS) +#endif // defined(USE_NSS_CERTS) } // namespace net diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc index 51aea71..cb5d851 100644 --- a/net/socket/client_socket_factory.cc 
+++ b/net/socket/client_socket_factory.cc @@ -12,7 +12,7 @@ #include "net/socket/client_socket_handle.h" #if defined(USE_OPENSSL) #include "net/socket/ssl_client_socket_openssl.h" -#elif defined(USE_NSS) || defined(OS_MACOSX) || defined(OS_WIN) +#elif defined(USE_NSS_CERTS) || defined(OS_MACOSX) || defined(OS_WIN) #include "net/socket/ssl_client_socket_nss.h" #endif #include "net/socket/tcp_client_socket.h" @@ -107,7 +107,7 @@ class DefaultClientSocketFactory : public ClientSocketFactory, return scoped_ptr<SSLClientSocket>( new SSLClientSocketOpenSSL(transport_socket.Pass(), host_and_port, ssl_config, context)); -#elif defined(USE_NSS) || defined(OS_MACOSX) || defined(OS_WIN) +#elif defined(USE_NSS_CERTS) || defined(OS_MACOSX) || defined(OS_WIN) return scoped_ptr<SSLClientSocket>( new SSLClientSocketNSS(nss_task_runner.get(), transport_socket.Pass(), diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 380a772..16641f9 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -110,7 +110,7 @@ #include "net/ssl/ssl_connection_status_flags.h" #include "net/ssl/ssl_info.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include <dlfcn.h> #endif @@ -159,7 +159,7 @@ const int kSendBufferSize = 17 * 1024; // overlap with any value of the net::Error range, including net::OK). const int kNoPendingReadResult = 1; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) typedef SECStatus (*CacheOCSPResponseFromSideChannelFunction)( CERTCertDBHandle *handle, CERTCertificate *cert, PRTime time, @@ -2071,7 +2071,7 @@ void SSLClientSocketNSS::Core::UpdateStapledOCSPResponse() { ocsp_responses->items[0].len); if (IsOCSPStaplingSupported()) { -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) CacheOCSPResponseFromSideChannelFunction cache_ocsp_response = GetCacheOCSPResponseFromSideChannelFunction(); 
@@ -2739,7 +2739,7 @@ int SSLClientSocketNSS::Init() { EnsureNSSSSLInit(); if (!NSS_IsInitialized()) return ERR_UNEXPECTED; -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) if (ssl_config_.cert_io_enabled) { // We must call EnsureNSSHttpIOInit() here, on the IO thread, to get the IO // loop by MessageLoopForIO::current(). diff --git a/net/ssl/channel_id_service.cc b/net/ssl/channel_id_service.cc index 9bc2179..e52d470 100644 --- a/net/ssl/channel_id_service.cc +++ b/net/ssl/channel_id_service.cc @@ -27,7 +27,7 @@ #include "net/cert/x509_util.h" #include "url/gurl.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include <private/pprthred.h> // PR_DetachThread #endif @@ -246,7 +246,7 @@ class ChannelIDServiceWorker { scoped_ptr<ChannelIDStore::ChannelID> cert = GenerateChannelID(server_identifier_, serial_number_, &error); DVLOG(1) << "GenerateCert " << server_identifier_ << " returned " << error; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Detach the thread from NSPR. // Calling NSS functions attaches the thread to NSPR, which stores // the NSPR thread ID in thread-specific data. diff --git a/net/test/cert_test_util.h b/net/test/cert_test_util.h index 6334dd7..8ad5664 100644 --- a/net/test/cert_test_util.h +++ b/net/test/cert_test_util.h @@ -11,7 +11,7 @@ #include "net/cert/x509_cert_types.h" #include "net/cert/x509_certificate.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include "base/memory/scoped_ptr.h" // From <pk11pub.h> @@ -30,7 +30,7 @@ namespace net { class EVRootCAMetadata; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) // Imports a private key from file |key_filename| in |dir|. The file must // contain a PKCS#8 PrivateKeyInfo in DER encoding. The key is imported to // |slot|. diff --git a/net/test/net_test_suite.cc b/net/test/net_test_suite.cc index ee05b86..ac927e5 100644 --- a/net/test/net_test_suite.cc +++ b/net/test/net_test_suite.cc 
@@ -10,7 +10,7 @@ #include "net/spdy/spdy_session.h" #include "testing/gtest/include/gtest/gtest.h" -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #include "net/cert_net/nss_ocsp.h" #endif @@ -38,7 +38,7 @@ void NetTestSuite::Initialize() { } void NetTestSuite::Shutdown() { -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) net::ShutdownNSSHttpIO(); #endif diff --git a/net/url_request/url_fetcher_impl_unittest.cc b/net/url_request/url_fetcher_impl_unittest.cc index cb976c9..36aeb5e 100644 --- a/net/url_request/url_fetcher_impl_unittest.cc +++ b/net/url_request/url_fetcher_impl_unittest.cc @@ -33,7 +33,7 @@ #include "net/url_request/url_request_throttler_manager.h" #include "testing/gtest/include/gtest/gtest.h" -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) #include "net/cert_net/nss_ocsp.h" #endif @@ -320,14 +320,14 @@ class URLFetcherTest : public testing::Test, context_->set_throttler_manager(&throttler_manager_); context_->Init(); -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) crypto::EnsureNSSInit(); EnsureNSSHttpIOInit(); #endif } void TearDown() override { -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) ShutdownNSSHttpIO(); #endif } diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc index 9b0d312..18ec0f3 100644 --- a/net/url_request/url_request_unittest.cc +++ b/net/url_request/url_request_unittest.cc @@ -8262,7 +8262,7 @@ class HTTPSOCSPTest : public HTTPSRequestTest { CHECK_NE(static_cast<X509Certificate*>(NULL), root_cert.get()); test_root_.reset(new ScopedTestRoot(root_cert.get())); -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) SetURLRequestContextForNSSHttpIO(&context_); EnsureNSSHttpIOInit(); #endif 
@@ -8291,7 +8291,7 @@ class HTTPSOCSPTest : public HTTPSRequestTest { } ~HTTPSOCSPTest() override { -#if defined(USE_NSS) || defined(OS_IOS) +#if defined(USE_NSS_CERTS) || defined(OS_IOS) ShutdownNSSHttpIO(); #endif } @@ -8331,7 +8331,7 @@ static CertStatus ExpectedCertStatusForFailedOnlineRevocationCheck() { // If it does not, then tests which rely on 'hard fail' behaviour should be // skipped. static bool SystemSupportsHardFailRevocationChecking() { -#if defined(OS_WIN) || defined(USE_NSS) || defined(OS_IOS) +#if defined(OS_WIN) || defined(USE_NSS_CERTS) || defined(OS_IOS) return true; #else return false; @@ -8370,7 +8370,7 @@ static bool SystemSupportsOCSP() { } static bool SystemSupportsOCSPStapling() { -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) return true; #elif defined(OS_WIN) return base::win::GetVersion() >= base::win::VERSION_VISTA; @@ -8467,7 +8467,7 @@ TEST_F(HTTPSOCSPTest, ValidStapled) { } // Disabled on NSS ports. See https://crbug.com/431716. -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #define MAYBE_RevokedStapled DISABLED_RevokedStapled #else #define MAYBE_RevokedStapled RevokedStapled diff --git a/remoting/host/token_validator_base.cc b/remoting/host/token_validator_base.cc index 5e3d75d..5937c57 100644 --- a/remoting/host/token_validator_base.cc +++ b/remoting/host/token_validator_base.cc @@ -19,7 +19,7 @@ #include "net/base/upload_bytes_element_reader.h" #include "net/base/upload_data_stream.h" #include "net/ssl/client_cert_store.h" -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) #include "net/ssl/client_cert_store_nss.h" #elif defined(OS_WIN) #include "net/ssl/client_cert_store_win.h" @@ -113,7 +113,7 @@ void TokenValidatorBase::OnCertificateRequested( DCHECK_EQ(request_.get(), source); net::ClientCertStore* client_cert_store; -#if defined(USE_NSS) +#if defined(USE_NSS_CERTS) client_cert_store = new net::ClientCertStoreNSS( net::ClientCertStoreNSS::PasswordDelegateFactory()); #elif defined(OS_WIN) |
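Review bot: `MAYBE_RevokedStapled` in net/url_request/url_request_unittest.cc is now disabled by `USE_NSS_CERTS`, so the revoked-stapled-OCSP test stays off in every configuration that defines that macro, possibly including a later one that pairs NSS certificate handling with a different TLS stack. The comment above it still says "NSS ports", which no longer matches the macro name. I would reword it to `// Disabled where NSS verifies certificates (USE_NSS_CERTS). See https://crbug.com/431716.` and re-check the disable against that bug when such a configuration is added, since it removes coverage of a revocation path. The test body is outside the hunk.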