| blob | bbbaa70f8221c0cd591e6df2140c42206886df99 |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
8 #include <nss.h>
9 #include <pk11pub.h>
10 #include <plarena.h>
11 #include <prerror.h>
12 #include <prinit.h>
13 #include <prtime.h>
14 #include <secmod.h>
16 #if defined(OS_LINUX)
17 #include <linux/nfs_fs.h>
18 #include <sys/vfs.h>
19 #elif defined(OS_OPENBSD)
20 #include <sys/mount.h>
21 #include <sys/param.h>
22 #endif
24 #include <vector>
40 // USE_NSS means we use NSS for everything crypto-related. If USE_NSS is not
41 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't
42 // use NSS for crypto or certificate verification, and we don't use the NSS
43 // certificate and key databases.
44 #if defined(USE_NSS)
53 #if defined(OS_CHROMEOS)
56 // Constants for loading the Chrome OS TPM-backed PKCS #11 library.
60 // Fake certificate authority database used for testing.
73 }
75 }
77 #if defined(USE_NSS)
83 }
88 }
90 }
92 // On non-chromeos platforms, return the default config directory.
93 // On chromeos, return a read-only directory with fake root CA certs for testing
94 // (which will not exist on non-testing images). These root CA certs are used
95 // by the local Google Accounts server mock we use when testing our login code.
96 // If this directory is not present, NSS_Init() will fail. It is up to the
97 // caller to failover to NSS_NoDB_Init() at that point.
99 #if defined(OS_CHROMEOS)
101 #else
104 }
106 // This callback for NSS forwards all requests to a caller-specified
107 // CryptoModuleBlockingPasswordDelegate object.
109 #if defined(OS_CHROMEOS)
110 // If we get asked for a password for the TPM, then return the
111 // well known password we use, as long as the TPM slot has been
112 // initialized.
119 }
120 #endif
133 }
136 }
138 // NSS creates a local cache of the sqlite database if it detects that the
139 // filesystem the database is on is much slower than the local disk. The
140 // detection doesn't work with the latest versions of sqlite, such as 3.6.22
141 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set
142 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's
143 // detection when database_dir is on NFS. See http://crbug.com/48585.
144 //
145 // TODO(wtc): port this function to other USE_NSS platforms. It is defined
146 // only for OS_LINUX and OS_OPENBSD simply because the statfs structure
147 // is OS-specific.
148 //
149 // Because this function sets an environment variable it must be run before we
150 // go multi-threaded.
152 #if defined(OS_LINUX) || defined(OS_OPENBSD)
155 #if defined(OS_LINUX)
157 #elif defined(OS_OPENBSD)
159 #endif
164 }
165 }
167 }
170 AutoSECMODListReadLock auto_lock;
178 }
179 }
181 }
185 // A singleton to initialize/deinitialize NSPR.
186 // Separate from the NSS singleton because we initialize NSPR on the UI thread.
187 // Now that we're leaking the singleton, we could merge back with the NSS
188 // singleton.
195 }
197 // NOTE(willchan): We don't actually execute this code since we leak NSS to
198 // prevent non-joinable threads from using NSS after it's already been shut
199 // down.
205 }
206 };
211 // This is a LazyInstance so that it will be deleted automatically when the
212 // unittest exits. NSSInitSingleton is a LeakySingleton, so it would not be
213 // deleted if it were a regular member.
215 LAZY_INSTANCE_INITIALIZER;
217 // Force a crash with error info on NSS_NoDB_Init failure.
226 }
230 #if defined(OS_CHROMEOS)
233 // GetDefaultConfigDirectory causes us to do blocking IO on UI thread.
234 // Temporarily allow it until we fix http://crbug.com/70119
238 // This creates another DB slot in NSS that is read/write, unlike
239 // the fake root CA cert DB and the "default" crypto key
240 // provider, which are still read-only (because we initialized
241 // NSS before we had a cryptohome mounted).
243 kNSSDatabaseName);
244 }
245 }
249 }
253 // If EnableTPMTokenForNSS hasn't been called, return false.
257 // If everything is already initialized, then return true.
264 // This tries to load the Chaps module so NSS can talk to the hardware
265 // TPM.
268 kChapsModuleName,
269 kChapsPath,
270 // For more details on these parameters, see:
271 // https://developer.mozilla.org/en/PKCS11_Module_Specs
272 // slotFlags=[PublicCerts] -- Certificates and public keys can be
273 // read from this slot without requiring a call to C_Login.
274 // askpw=only -- Only authenticate to the token when necessary.
276 }
278 // If this gets set, then we'll use the TPM for certs with
279 // private keys, otherwise we'll fall back to the software
280 // implementation.
284 }
286 }
292 }
297 }
301 }
307 }
318 }
328 }
329 }
337 }
343 #if defined(OS_CHROMEOS)
348 // If we were supposed to get the hardware token, but were
349 // unable to, return NULL rather than fall back to sofware.
351 }
352 }
353 #endif
354 // If we weren't supposed to enable the TPM for NSS, then return
355 // the software slot.
359 }
361 #if defined(USE_NSS)
364 }
367 // This method is used to force NSS to be initialized without a DB.
368 // Call this method before NSSInitSingleton() is constructed.
371 }
387 // We *must* have NSS >= 3.12.3. See bug 26448.
392 nss_version_check_failed);
393 // Also check the run-time NSS version.
394 // NSS_VersionCheck is a >= check, not strict equality.
396 // It turns out many people have misconfigured NSS setups, where
397 // their run-time NSPR doesn't match the one their NSS was compiled
398 // against. So rather than aborting, complain loudly.
400 "We depend on NSS >= 3.12.3, and this error is not fatal "
401 "only because many people have busted NSS setups (for "
402 "example, using the wrong version of NSPR). "
403 "Please upgrade to the latest NSS and NSPR, and if you "
404 "still get this error, contact your distribution "
406 }
411 #if !defined(USE_NSS)
412 // Use the system certificate store, so initialize NSS without database.
414 #endif
421 }
422 #if defined(OS_IOS)
426 #if defined(USE_NSS)
429 // This duplicates the work which should have been done in
430 // EarlySetupForNSSInit. However, this function is idempotent so
431 // there's no harm done.
434 // Initialize with a persistent database (likely, ~/.pki/nssdb).
435 // Use "sql:" which can be shared by multiple processes safely.
438 #if defined(OS_CHROMEOS)
440 #else
442 #endif
447 }
448 }
455 }
456 }
460 // If we haven't initialized the password for the NSS databases,
461 // initialize an empty-string password so that we don't need to
462 // log in.
465 // PK11_InitPin may write to the keyDB, but no other thread can use NSS
466 // yet, so we don't need to lock.
470 }
474 }
476 // Disable MD5 certificate signatures. (They are disabled by default in
477 // NSS 3.14.)
482 // The UMA bit is conditionally set for this histogram in
483 // chrome/common/startup_metric_utils.cc .
489 }
491 // NOTE(willchan): We don't actually execute this code since we leak NSS to
492 // prevent non-joinable threads from using NSS after it's already been shut
493 // down.
498 }
503 }
509 }
514 }
518 // We VLOG(1) because this failure is relatively harmless (leaking, but
519 // we're shutting down anyway).
521 }
522 }
524 #if defined(USE_NSS) || defined(OS_IOS)
525 // Load nss's built-in root certs.
531 // Aw, snap. Can't find/load root cert shared library.
532 // This will make it hard to talk to anybody via https.
535 }
537 // Load the given module for this NSS session.
545 // Shouldn't need to const_cast here, but SECMOD doesn't properly
546 // declare input string arguments as const. Bug
547 // https://bugzilla.mozilla.org/show_bug.cgi?id=642546 was filed
548 // on NSS codebase to address this.
555 }
557 }
558 #endif
569 }
573 }
575 }
577 // If this is set to true NSS is forced to be initialized without a DB.
589 #if defined(USE_NSS)
590 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011
591 // is fixed, we will no longer need the lock.
594 };
596 // static
603 #if defined(USE_NSS)
608 }
609 #endif
613 }
616 // We might fork, but we haven't loaded any security modules.
618 // If we're sandboxed, we shouldn't be able to open user security modules,
619 // but it's more correct to tell NSS to not even try.
620 // Loading user security modules would have security implications.
622 // Initialize NSS.
624 }
627 // Initializing SSL causes us to do blocking IO.
628 // Temporarily allow it until we fix
629 // http://code.google.com/p/chromium/issues/detail?id=59847
632 }
636 }
641 }
644 // Some NSS libraries are linked dynamically so load them here.
645 #if defined(USE_NSS)
646 // Try to search for multiple directories to load the libraries.
649 // Use relative path to Search PATH for the library files.
652 // For Debian derivatives NSS libraries are located here.
655 // Ubuntu 11.10 (Oneiric) places the libraries here.
656 #if defined(ARCH_CPU_X86_64)
658 #elif defined(ARCH_CPU_X86)
660 #elif defined(ARCH_CPU_ARMEL)
662 #endif
664 // A list of library files to load.
669 // For each combination of library file and path, check for existence and
670 // then load.
679 }
680 }
681 }
687 }
688 #endif
689 }
693 }
695 #if defined(USE_NSS)
698 }
701 // TODO(mattm): Close the dababase once NSS 3.14 is required,
702 // which fixes https://bugzilla.mozilla.org/show_bug.cgi?id=588269
703 // Resource leaks are suppressed. http://crbug.com/156433 .
704 }
708 }
711 // May be NULL if the lock is not needed in our version of NSS.
714 }
720 }
721 }
726 }
730 }
734 #if defined(OS_CHROMEOS)
737 }
741 }
745 }
749 }
754 }
760 }
764 }
768 }
772 }