Finish trimming unnecessary state from non-CrOS NSSInitSingleton

The EnsureNSSInit portions of NSSInitSingleton are now completely stateless and thus have no intersection with the CrOS-specific profile bits. (Except that the CrOS-specific profile bits require NSS to be initialized, but they can just call EnsureNSSInit() like anyone else.) We can split them up entirely now. Bug: 125848 Change-Id: I6c3b32503da763272263ee84bbdb076b7826c81d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1857045Reviewed-by: Matt Mueller <mattm@chromium.org> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#705430}

Finish trimming unnecessary state from non-CrOS NSSInitSingleton
The EnsureNSSInit portions of NSSInitSingleton are now completely stateless and thus have no intersection with the CrOS-specific profile bits. (Except that the CrOS-specific profile bits require NSS to be initialized, but they can just call EnsureNSSInit() like anyone else.) We can split them up entirely now. Bug: 125848 Change-Id: I6c3b32503da763272263ee84bbdb076b7826c81d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1857045Reviewed-by: Matt Mueller <mattm@chromium.org> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#705430}
e838004a · David Benjamin · Commit Bot · c42e3f70 · e838004a · e838004a
Commit e838004a authored Oct 13, 2019 by David Benjamin Committed by Commit Bot Oct 13, 2019
Showing with 9 additions and 45 deletions

chrome/browser/net/nss_context_linux.cc chrome/browser/net/nss_context_linux.cc +4 -5

crypto/nss_util.cc crypto/nss_util.cc +5 -34

crypto/nss_util_internal.h crypto/nss_util_internal.h +0 -6

No files found.
--- a/chrome/browser/net/nss_context_linux.cc
+++ b/chrome/browser/net/nss_context_linux.cc
@@ -5,7 +5,7 @@
 #include "chrome/browser/net/nss_context.h"

 #include "content/public/browser/browser_thread.h"
-#include "crypto/nss_util_internal.h"
+#include "crypto/nss_util.h"
 #include "net/cert/nss_cert_database.h"

 namespace {
@@ -22,11 +22,10 @@ net::NSSCertDatabase* GetNSSCertDatabaseForResourceContext(
    // Linux has only a single persistent slot compared to ChromeOS's separate
    // public and private slot.
    // Redirect any slot usage to this persistent slot on Linux.
+    crypto::EnsureNSSInit();
    g_nss_cert_database = new net::NSSCertDatabase(
-        crypto::ScopedPK11Slot(
-            crypto::GetPersistentNSSKeySlot()) /* public slot */,
-        crypto::ScopedPK11Slot(
-            crypto::GetPersistentNSSKeySlot()) /* private slot */);
+        crypto::ScopedPK11Slot(PK11_GetInternalKeySlot()) /* public slot */,
+        crypto::ScopedPK11Slot(PK11_GetInternalKeySlot()) /* private slot */);
  }
  return g_nss_cert_database;
 }
--- a/crypto/nss_util.cc
+++ b/crypto/nss_util.cc
@@ -601,21 +601,7 @@ class NSSInitSingleton {
    DCHECK(!slot || !prepared_test_private_slot_);
    prepared_test_private_slot_ = std::move(slot);
  }
-#endif  // defined(OS_CHROMEOS)
-
-#if !defined(OS_CHROMEOS)
-  PK11SlotInfo* GetPersistentNSSKeySlot() {
-    // TODO(mattm): Change to DCHECK when callers have been fixed.
-    if (!thread_checker_.CalledOnValidThread()) {
-      DVLOG(1) << "Called on wrong thread.\n"
-               << base::debug::StackTrace().ToString();
-    }
-
-    return PK11_GetInternalKeySlot();
-  }
-#endif

-#if defined(OS_CHROMEOS)
  void GetSystemNSSKeySlotCallback(
      base::OnceCallback<void(ScopedPK11Slot)> callback) {
    std::move(callback).Run(
@@ -710,7 +696,11 @@ class NSSInitSingleton {
      PK11_FreeSlot(slot);
    }

-    root_ = InitDefaultRootCerts();
+    // Load nss's built-in root certs.
+    //
+    // TODO(mattm): DCHECK this succeeded when crbug.com/310972 is fixed.
+    // Failing to load root certs will it hard to talk to anybody via https.
+    LoadModule("Root Certs", "libnssckbi.so", nullptr);

    // Disable MD5 certificate signatures. (They are disabled by default in
    // NSS 3.14.)
@@ -724,18 +714,6 @@ class NSSInitSingleton {
  // shut down.
  ~NSSInitSingleton() = delete;

-  // Load nss's built-in root certs.
-  SECMODModule* InitDefaultRootCerts() {
-    SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", nullptr);
-    if (root)
-      return root;
-
-    // Aw, snap.  Can't find/load root cert shared library.
-    // This will make it hard to talk to anybody via https.
-    // TODO(mattm): Re-add the NOTREACHED here when crbug.com/310972 is fixed.
-    return nullptr;
-  }
-
  // Load the given module for this NSS session.
  static SECMODModule* LoadModule(const char* name,
                                  const char* library_path,
@@ -764,7 +742,6 @@ class NSSInitSingleton {
    return module;
  }

-  SECMODModule* root_ = nullptr;
 #if defined(OS_CHROMEOS)
  bool tpm_token_enabled_for_nss_ = false;
  bool initializing_tpm_token_ = false;
@@ -912,10 +889,4 @@ PRTime BaseTimeToPRTime(base::Time time) {
  return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue();
 }

-#if !defined(OS_CHROMEOS)
-PK11SlotInfo* GetPersistentNSSKeySlot() {
-  return g_nss_singleton.Get().GetPersistentNSSKeySlot();
-}
-#endif
-
 }  // namespace crypto
--- a/crypto/nss_util_internal.h
+++ b/crypto/nss_util_internal.h
@@ -30,12 +30,6 @@ namespace crypto {
 CRYPTO_EXPORT ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path,
                                               const std::string& description);

-#if !defined(OS_CHROMEOS)
-// Returns a reference to the default NSS key slot for storing persistent data.
-// Caller must release returned reference with PK11_FreeSlot.
-CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT;
-#endif
-
 // A helper class that acquires the SECMOD list read lock while the
 // AutoSECMODListReadLock is in scope.
 class CRYPTO_EXPORT AutoSECMODListReadLock {