
Remove NSS write lock.

The minimum supported NSS version is now past NSS 3.12.7, so the lock is
no longer needed. We've also since removed <keygen> support, which was
the motivation for the lock to begin with.

Bug: 72603
Change-Id: I8959723d74089b2c0b9f99e96131b269c07cd2af
Reviewed-on: https://chromium-review.googlesource.com/549156
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#482705}
David Benjamin
2017-06-27 15:08:43 -04:00
committed by Commit Bot
parent 100bc68f61
commit 814ab64321
3 changed files with 5 additions and 58 deletions

@ -29,7 +29,6 @@
#include "base/memory/ptr_util.h"
#include "base/path_service.h"
#include "base/strings/stringprintf.h"
#include "base/synchronization/lock.h"
#include "base/threading/thread_checker.h"
#include "base/threading/thread_restrictions.h"
#include "base/threading/thread_task_runner_handle.h"
@ -610,10 +609,6 @@ class NSSInitSingleton {
}
#endif
base::Lock* write_lock() {
return &write_lock_;
}
private:
friend struct base::LazyInstanceTraitsBase<NSSInitSingleton>;
@ -768,9 +763,6 @@ class NSSInitSingleton {
std::map<std::string, std::unique_ptr<ChromeOSUserData>> chromeos_user_map_;
ScopedPK11Slot test_system_slot_;
#endif
// TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011
// is fixed, we will no longer need the lock.
base::Lock write_lock_;
base::ThreadChecker thread_checker_;
};
@ -812,23 +804,6 @@ bool CheckNSSVersion(const char* version) {
return !!NSS_VersionCheck(version);
}
base::Lock* GetNSSWriteLock() {
return g_nss_singleton.Get().write_lock();
}
AutoNSSWriteLock::AutoNSSWriteLock() : lock_(GetNSSWriteLock()) {
// May be nullptr if the lock is not needed in our version of NSS.
if (lock_)
lock_->Acquire();
}
AutoNSSWriteLock::~AutoNSSWriteLock() {
if (lock_) {
lock_->AssertAcquired();
lock_->Release();
}
}
AutoSECMODListReadLock::AutoSECMODListReadLock()
: lock_(SECMOD_GetDefaultModuleListLock()) {
SECMOD_GetReadLock(lock_);

@ -14,7 +14,6 @@
#include "crypto/crypto_export.h"
namespace base {
class Lock;
class Time;
} // namespace base
@ -73,27 +72,6 @@ CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64_t prtime);
// We use a int64_t instead of PRTime here to avoid depending on NSPR headers.
CRYPTO_EXPORT int64_t BaseTimeToPRTime(base::Time time);
// NSS has a bug which can cause a deadlock or stall in some cases when writing
// to the certDB and keyDB. It also has a bug which causes concurrent key pair
// generations to scribble over each other. To work around this, we synchronize
// writes to the NSS databases with a global lock. The lock is hidden beneath a
// function for easy disabling when the bug is fixed. Callers should allow for
// it to return NULL in the future.
//
// See https://bugzilla.mozilla.org/show_bug.cgi?id=564011
base::Lock* GetNSSWriteLock();
// A helper class that acquires the NSS write Lock while the AutoNSSWriteLock
// is in scope.
class CRYPTO_EXPORT AutoNSSWriteLock {
public:
AutoNSSWriteLock();
~AutoNSSWriteLock();
private:
base::Lock *lock_;
DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock);
};
} // namespace crypto
#endif // CRYPTO_NSS_UTIL_H_

@ -43,17 +43,11 @@ bool ImportSensitiveKeyFromFile(const base::FilePath& dir,
bool ImportClientCertToSlot(const scoped_refptr<X509Certificate>& cert,
PK11SlotInfo* slot) {
std::string nickname = cert->GetDefaultNickname(USER_CERT);
{
crypto::AutoNSSWriteLock lock;
SECStatus rv = PK11_ImportCert(slot,
cert->os_cert_handle(),
CK_INVALID_HANDLE,
nickname.c_str(),
PR_FALSE);
if (rv != SECSuccess) {
LOG(ERROR) << "Could not import cert";
return false;
}
SECStatus rv = PK11_ImportCert(slot, cert->os_cert_handle(),
CK_INVALID_HANDLE, nickname.c_str(), PR_FALSE);
if (rv != SECSuccess) {
LOG(ERROR) << "Could not import cert";
return false;
}
return true;
}
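Review bot: The failure branch after `PK11_ImportCert` in `ImportClientCertToSlot` logs only "Could not import cert", with no NSS error code, so the cause of a rejected import cannot be recovered from the log. Consider `LOG(ERROR) << "Could not import cert: " << PORT_GetError();` there, assuming the NSS port header is already reachable from this file. Because the call is no longer wrapped in `crypto::AutoNSSWriteLock`, a short comment above it such as `// No write lock: the minimum supported NSS is past 3.12.7, so writes need no external serialization.` would keep the reason next to the code rather than only in the commit message.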