Remove NSS write lock.
The minimum supported NSS version is now past NSS 3.12.7, so the lock is no longer needed. We've also since removed <keygen> support, which was the motivation for the lock to begin with. Bug: 72603 Change-Id: I8959723d74089b2c0b9f99e96131b269c07cd2af Reviewed-on: https://chromium-review.googlesource.com/549156 Commit-Queue: David Benjamin <davidben@chromium.org> Reviewed-by: Matt Mueller <mattm@chromium.org> Cr-Commit-Position: refs/heads/master@{#482705}

committed by
Commit Bot

parent
100bc68f61
commit
814ab64321
@ -29,7 +29,6 @@
|
|||||||
#include "base/memory/ptr_util.h"
|
#include "base/memory/ptr_util.h"
|
||||||
#include "base/path_service.h"
|
#include "base/path_service.h"
|
||||||
#include "base/strings/stringprintf.h"
|
#include "base/strings/stringprintf.h"
|
||||||
#include "base/synchronization/lock.h"
|
|
||||||
#include "base/threading/thread_checker.h"
|
#include "base/threading/thread_checker.h"
|
||||||
#include "base/threading/thread_restrictions.h"
|
#include "base/threading/thread_restrictions.h"
|
||||||
#include "base/threading/thread_task_runner_handle.h"
|
#include "base/threading/thread_task_runner_handle.h"
|
||||||
@ -610,10 +609,6 @@ class NSSInitSingleton {
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
base::Lock* write_lock() {
|
|
||||||
return &write_lock_;
|
|
||||||
}
|
|
||||||
|
|
||||||
private:
|
private:
|
||||||
friend struct base::LazyInstanceTraitsBase<NSSInitSingleton>;
|
friend struct base::LazyInstanceTraitsBase<NSSInitSingleton>;
|
||||||
|
|
||||||
@ -768,9 +763,6 @@ class NSSInitSingleton {
|
|||||||
std::map<std::string, std::unique_ptr<ChromeOSUserData>> chromeos_user_map_;
|
std::map<std::string, std::unique_ptr<ChromeOSUserData>> chromeos_user_map_;
|
||||||
ScopedPK11Slot test_system_slot_;
|
ScopedPK11Slot test_system_slot_;
|
||||||
#endif
|
#endif
|
||||||
// TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011
|
|
||||||
// is fixed, we will no longer need the lock.
|
|
||||||
base::Lock write_lock_;
|
|
||||||
|
|
||||||
base::ThreadChecker thread_checker_;
|
base::ThreadChecker thread_checker_;
|
||||||
};
|
};
|
||||||
@ -812,23 +804,6 @@ bool CheckNSSVersion(const char* version) {
|
|||||||
return !!NSS_VersionCheck(version);
|
return !!NSS_VersionCheck(version);
|
||||||
}
|
}
|
||||||
|
|
||||||
base::Lock* GetNSSWriteLock() {
|
|
||||||
return g_nss_singleton.Get().write_lock();
|
|
||||||
}
|
|
||||||
|
|
||||||
AutoNSSWriteLock::AutoNSSWriteLock() : lock_(GetNSSWriteLock()) {
|
|
||||||
// May be nullptr if the lock is not needed in our version of NSS.
|
|
||||||
if (lock_)
|
|
||||||
lock_->Acquire();
|
|
||||||
}
|
|
||||||
|
|
||||||
AutoNSSWriteLock::~AutoNSSWriteLock() {
|
|
||||||
if (lock_) {
|
|
||||||
lock_->AssertAcquired();
|
|
||||||
lock_->Release();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
AutoSECMODListReadLock::AutoSECMODListReadLock()
|
AutoSECMODListReadLock::AutoSECMODListReadLock()
|
||||||
: lock_(SECMOD_GetDefaultModuleListLock()) {
|
: lock_(SECMOD_GetDefaultModuleListLock()) {
|
||||||
SECMOD_GetReadLock(lock_);
|
SECMOD_GetReadLock(lock_);
|
||||||
|
@ -14,7 +14,6 @@
|
|||||||
#include "crypto/crypto_export.h"
|
#include "crypto/crypto_export.h"
|
||||||
|
|
||||||
namespace base {
|
namespace base {
|
||||||
class Lock;
|
|
||||||
class Time;
|
class Time;
|
||||||
} // namespace base
|
} // namespace base
|
||||||
|
|
||||||
@ -73,27 +72,6 @@ CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64_t prtime);
|
|||||||
// We use a int64_t instead of PRTime here to avoid depending on NSPR headers.
|
// We use a int64_t instead of PRTime here to avoid depending on NSPR headers.
|
||||||
CRYPTO_EXPORT int64_t BaseTimeToPRTime(base::Time time);
|
CRYPTO_EXPORT int64_t BaseTimeToPRTime(base::Time time);
|
||||||
|
|
||||||
// NSS has a bug which can cause a deadlock or stall in some cases when writing
|
|
||||||
// to the certDB and keyDB. It also has a bug which causes concurrent key pair
|
|
||||||
// generations to scribble over each other. To work around this, we synchronize
|
|
||||||
// writes to the NSS databases with a global lock. The lock is hidden beneath a
|
|
||||||
// function for easy disabling when the bug is fixed. Callers should allow for
|
|
||||||
// it to return NULL in the future.
|
|
||||||
//
|
|
||||||
// See https://bugzilla.mozilla.org/show_bug.cgi?id=564011
|
|
||||||
base::Lock* GetNSSWriteLock();
|
|
||||||
|
|
||||||
// A helper class that acquires the NSS write Lock while the AutoNSSWriteLock
|
|
||||||
// is in scope.
|
|
||||||
class CRYPTO_EXPORT AutoNSSWriteLock {
|
|
||||||
public:
|
|
||||||
AutoNSSWriteLock();
|
|
||||||
~AutoNSSWriteLock();
|
|
||||||
private:
|
|
||||||
base::Lock *lock_;
|
|
||||||
DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock);
|
|
||||||
};
|
|
||||||
|
|
||||||
} // namespace crypto
|
} // namespace crypto
|
||||||
|
|
||||||
#endif // CRYPTO_NSS_UTIL_H_
|
#endif // CRYPTO_NSS_UTIL_H_
|
||||||
|
@ -43,17 +43,11 @@ bool ImportSensitiveKeyFromFile(const base::FilePath& dir,
|
|||||||
bool ImportClientCertToSlot(const scoped_refptr<X509Certificate>& cert,
|
bool ImportClientCertToSlot(const scoped_refptr<X509Certificate>& cert,
|
||||||
PK11SlotInfo* slot) {
|
PK11SlotInfo* slot) {
|
||||||
std::string nickname = cert->GetDefaultNickname(USER_CERT);
|
std::string nickname = cert->GetDefaultNickname(USER_CERT);
|
||||||
{
|
SECStatus rv = PK11_ImportCert(slot, cert->os_cert_handle(),
|
||||||
crypto::AutoNSSWriteLock lock;
|
CK_INVALID_HANDLE, nickname.c_str(), PR_FALSE);
|
||||||
SECStatus rv = PK11_ImportCert(slot,
|
if (rv != SECSuccess) {
|
||||||
cert->os_cert_handle(),
|
LOG(ERROR) << "Could not import cert";
|
||||||
CK_INVALID_HANDLE,
|
return false;
|
||||||
nickname.c_str(),
|
|
||||||
PR_FALSE);
|
|
||||||
if (rv != SECSuccess) {
|
|
||||||
LOG(ERROR) << "Could not import cert";
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
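Review bot: The `PK11_ImportCert` call in `ImportClientCertToSlot` now writes to the slot with no serialization, and nothing at the call site records why that is safe. A one-line comment above the call would keep the assumption visible, for example `// No NSS write lock: the minimum supported NSS is past 3.12.7 (bug 72603).` Whether that version floor is enforced at startup is not visible in this section; `CheckNSSVersion` appears elsewhere in the commit, so it is worth confirming that an older library is rejected there rather than left to run unserialized database writes. Separately, the failure log drops the NSS error code; `LOG(ERROR) << "Could not import cert: " << PORT_GetError();` would make import failures diagnosable.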