chromium/src/crypto.git
6 weeks agoDisable Poly1305 code only on bad chips. master
agl@chromium.org [Fri, 8 Aug 2014 08:45:24 +0000 (08:45 +0000)]
Disable Poly1305 code only on bad chips.

This change detects buggy ARM chips and disables the Poly1305 code only on
those chips.

BUG=341598

Review URL: https://codereview.chromium.org/442863003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@288267 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 weeks agoMove StringToLowerASCII to base namespace
brettw@chromium.org [Thu, 7 Aug 2014 16:55:42 +0000 (16:55 +0000)]
Move StringToLowerASCII to base namespace

TBR=sky

Review URL: https://codereview.chromium.org/448853002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@288085 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 weeks agoAlign OpenSSL and NSS ChannelID formats.
davidben@chromium.org [Wed, 6 Aug 2014 23:11:09 +0000 (23:11 +0000)]
Align OpenSSL and NSS ChannelID formats.

NSS would use "" as the password while OpenSSL would use "\0\0" (UCS-2 encoding
of a NUL-terminated string) because of how PKCS#12 recommended encoding
passwords. Make the OpenSSL code use the same format so that we can freely switch
back and forth between NSS and OpenSSL.

(This is in case we need to roll back an OpenSSL cutover and the release has
hit some early release channel already.)

BUG=399121

Review URL: https://codereview.chromium.org/435593003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@287890 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 weeks agoDisable Poly1305 NEON code again.
agl@chromium.org [Tue, 5 Aug 2014 22:58:46 +0000 (22:58 +0000)]
Disable Poly1305 NEON code again.

The Poly1305 NEON code became live again with the BoringSSL switch. This
change disables it again in Chromium because of some broken phones.

We should really read /proc/cpuinfo and selectively disable, but this
change is simple and keeps the status-quo for now.

BUG=341598

Review URL: https://codereview.chromium.org/443523002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@287630 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 weeks agoFix ScopedTestNSSDB for older NSS versions.
pneubeck@chromium.org [Sun, 3 Aug 2014 12:47:44 +0000 (12:47 +0000)]
Fix ScopedTestNSSDB for older NSS versions.

Before, if NSS version was < 3.15.1, then the ScopedTempDir was destructed without ScopedAllowIO and lead to a thread restriction violation.

Now, the temp dir is not deleted in this case as the NSS DB is left open.

BUG=210525
TBR=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/423363005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@287257 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 weeks agoEnable system NSS key slot.
pneubeck@chromium.org [Sat, 2 Aug 2014 07:37:24 +0000 (07:37 +0000)]
Enable system NSS key slot.

This only affects users of domains that the device is registered to for policy.
All other users are unaffected (EnableNSSSystemKeySlotForResourceContext is only called for USER_AFFILIATION_MANAGED)

For the affected users, this enables and uses the slot for
- client authentication for TSL (see ClientCertStoreChromeOS)
- client authentication for 802.1x networks
- listing/removing certificates on the settings page (see CertificateManager)

In a follow up, also the enterprise.platformKeys API will be updated.

Depends on:
https://codereview.chromium.org/426983002/
https://codereview.chromium.org/428933002/

BUG=210525
R=mattm@chromium.org, rsleevi@chromium.org, willchan@chromium.org, xiyuan@chromium.org

Review URL: https://codereview.chromium.org/424523002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@287175 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 weeks agoImplement QUIC key extraction.
wtc@chromium.org [Thu, 31 Jul 2014 11:36:37 +0000 (11:36 +0000)]
Implement QUIC key extraction.

Added a new subkey_secret output to crypto::HKDF which is
saved by the forward-secure key derivation and used for a new
ExportKeyingMaterial method on QuicCryptoStream. This will be used
in Chromium for WebRTC on QUIC.

Generated some tests by making a straightforward alternative
implementation in Python.

Written by Daniel Ziegler.

Merge internal CL: 72073257

R=agl@chromium.org,dmziegler@chromium.org
BUG=

Review URL: https://codereview.chromium.org/423333002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@286738 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 weeks agoRelax the failure mode of EncryptorTest.UnsupportedKeySize so that we
wtc@chromium.org [Thu, 31 Jul 2014 01:03:05 +0000 (01:03 +0000)]
Relax the failure mode of EncryptorTest.UnsupportedKeySize so that we
can run the test on all platforms.

R=davidben@chromium.org,joth@chromium.org,rsleevi@chromium.org
BUG=

Review URL: https://codereview.chromium.org/432443003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@286667 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 weeks ago[webcrypto] Implement RSA-OAEP using BoringSSL.
eroman@chromium.org [Wed, 30 Jul 2014 21:28:53 +0000 (21:28 +0000)]
[webcrypto] Implement RSA-OAEP using BoringSSL.

BUG=395840
R=davidben@chromium.org, rsleevi@chromium.org

Review URL: https://codereview.chromium.org/419673006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@286599 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 weeks agoMake NSSInitSingleton::tpm_slot_ a ScopedPK11Slot.
pneubeck@chromium.org [Wed, 30 Jul 2014 21:03:45 +0000 (21:03 +0000)]
Make NSSInitSingleton::tpm_slot_ a ScopedPK11Slot.

Based on https://codereview.chromium.org/426983002/ .

BUG=210525

Review URL: https://codereview.chromium.org/428933002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@286593 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 weeks agoMake crypto::GetSystemNSSKeySlot asynchronous.
pneubeck@chromium.org [Wed, 30 Jul 2014 12:24:29 +0000 (12:24 +0000)]
Make crypto::GetSystemNSSKeySlot asynchronous.

The system slot is set asynchronously, so the getting the system slot should happen asynchronously as well.

BUG=210525
TBR=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/426983002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@286493 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 weeks agoExtract ScopedTestNSSDB from nss_util.
pneubeck@chromium.org [Mon, 28 Jul 2014 09:56:51 +0000 (09:56 +0000)]
Extract ScopedTestNSSDB from nss_util.

Before ScopedTestNSSDB affected several slot getters from nss_util.h .
This change reduces ScopedTestNSSDB to solely setup a temporary test DB and not influencing the global state in nss_util anymore.

As a replacement for some of its old behavior, a new ScopedTestSystemNSSKeySlot is added, which allows to override the slot returned by GetSystemNSSKeySlot().

With this change it's now possible to write tests that need both a user and system NSS DB by using ScopedTestSystemNSSKeySlot.

As a side-effect, GetPersistentNSSKeySlot() is now compiled on !OS_CHROMEOS only.

BUG=210525
(For include changes:)

R=rsleevi@chromium.org
TBR=nkostylev@chromium.org, stevenjb@chromium.org

Review URL: https://codereview.chromium.org/401623006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@285881 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 weeks agoUpdate masters after the tryserver split.
sergeyberezin@chromium.org [Sat, 26 Jul 2014 04:38:32 +0000 (04:38 +0000)]
Update masters after the tryserver split.

Also replace deprecated linux_chromium_rel with linux_chromium_rel_swarming, while I'm at it.

R=agable@chromium.org, maruel@chromium.org
BUG=395196

Review URL: https://codereview.chromium.org/415323002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@285752 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 weeks agoDesupport AES-192 in crypto::SymmetricKey.
davidben@chromium.org [Fri, 25 Jul 2014 21:04:15 +0000 (21:04 +0000)]
Desupport AES-192 in crypto::SymmetricKey.

BoringSSL does not support AES-192. No current consumer uses AES-192, so remove
the test which asserts it works. This fixes crypto_unittests in the Mac OpenSSL
port. Blacklist AES-192 in the NSS implementation so that we do not
accidentally grow a new dependency on it.

BUG=338885

Review URL: https://codereview.chromium.org/420883003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@285678 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 weeks agoSwitch to BoringSSL.
davidben@chromium.org [Tue, 22 Jul 2014 18:20:37 +0000 (18:20 +0000)]
Switch to BoringSSL.

This is a reland of r284079 which was reverted in r284248 for components build
issues. That, in turn, was a reland of r283813 which was reverted in r283845
because it broke WebRTC tests on Android. That, in turn, was a reland of
r283542 which was reverted in r283591 because it broke the WebView build.

This is a much larger change than its diff suggests. If it breaks
something, please revert first and ask questions later.

BUG=393317
R=agl@chromium.org, jam@chromium.org

Review URL: https://codereview.chromium.org/401153002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@284729 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 weeks agoclean up code at crypto folder.
rucifer1217@gmail.com [Tue, 22 Jul 2014 00:09:25 +0000 (00:09 +0000)]
clean up code at crypto folder.

BUG=none

Review URL: https://codereview.chromium.org/407713002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@284547 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoRevert "Switch to BoringSSL."
agl@chromium.org [Fri, 18 Jul 2014 23:18:18 +0000 (23:18 +0000)]
Revert "Switch to BoringSSL."

This reverts commit r284079.

BUG=395271

Review URL: https://codereview.chromium.org/406693004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@284248 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoSwitch to BoringSSL.
agl@chromium.org [Fri, 18 Jul 2014 13:51:03 +0000 (13:51 +0000)]
Switch to BoringSSL.

(This is a reland of r283813 which was reverted in r283845 because it broke
WebRTC tests on Android. That, in turn, was a reland of of r283542 which was
reverted in r283591 because it broke the WebView build.)

This is a much larger change than its diff suggests. If it breaks
something, please revert first and ask questions later.

BUG=none

Review URL: https://codereview.chromium.org/401613008

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@284079 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoRemove NSSCertDatabase from ClientCertStoreChromeOS unittest.
pneubeck@chromium.org [Fri, 18 Jul 2014 10:57:07 +0000 (10:57 +0000)]
Remove NSSCertDatabase from ClientCertStoreChromeOS unittest.

The database was only used to import a PKCS#12 file. By changing to separate key (PKCS#8 format) and cert (X509 in PEM encoding), only dependencies on the lower level RSAPrivateKey, X509Certificate and PK11_* NSS functions are required.
Note this removes at the same time a call to the deprecated NSSCertDatabase::GetInstance().

Also
- fixes multi profile cases of the unit test and the CA matching (the latter is now identical to all other platforms).
- fixes a bug in the matching of client certs from software slots, because of reused cert database names
- gets rid of the error output that occurred during the PKCS12 import because the file contained also a CA cert:
  [ERROR:nsPKCS12Blob.cpp(219)] Could not grab a handle to the certificate in the slot from the corresponding PKCS#12 DER certificate.

BUG=210525, 329735,315285

Review URL: https://codereview.chromium.org/394013005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@284056 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoRemove some unnecessary ifs.
eroman@chromium.org [Fri, 18 Jul 2014 02:59:36 +0000 (02:59 +0000)]
Remove some unnecessary ifs.

scoped_ptr<> only calls the deleter when the data is non-null

Review URL: https://codereview.chromium.org/357783003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@283980 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoFixes for re-enabling more MSVC level 4 warnings: misc edition #2
pkasting@chromium.org [Fri, 18 Jul 2014 01:40:47 +0000 (01:40 +0000)]
Fixes for re-enabling more MSVC level 4 warnings: misc edition #2

This contains fixes for the following sorts of issues:
* Assignment inside conditional
* Taking the address of a temporary
* Octal escape sequence terminated by decimal number
* Signedness mismatch
* Possibly-uninitialized local variable

This also contains a small number of cleanups to nearby code (e.g. no else after return).

BUG=81439
TEST=none

Review URL: https://codereview.chromium.org/382673002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@283967 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoRevert 283813 "Switch to BoringSSL."
vitalybuka@chromium.org [Thu, 17 Jul 2014 20:07:06 +0000 (20:07 +0000)]
Revert 283813 "Switch to BoringSSL."
Failed WebRtcBrowserTest on android_dbg_triggered_tests.

> Switch to BoringSSL.
>
> (This is a reland of r283542 which was reverted in r283591 because it
> broke the WebView build. The android_aosp trybots are broken[1] so this
> based on hope.)
>
> This is a much larger change than its diff suggests. If it breaks
> something, please revert first and ask questions later.
>
> [1] http://code.google.com/p/chromium/issues/detail?id=394597
>
> BUG=none
>
> Review URL: https://codereview.chromium.org/399993002

TBR=agl@chromium.org

Review URL: https://codereview.chromium.org/405503002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@283845 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoSwitch to BoringSSL.
agl@chromium.org [Thu, 17 Jul 2014 17:59:10 +0000 (17:59 +0000)]
Switch to BoringSSL.

(This is a reland of r283542 which was reverted in r283591 because it
broke the WebView build. The android_aosp trybots are broken[1] so this
based on hope.)

This is a much larger change than its diff suggests. If it breaks
something, please revert first and ask questions later.

[1] http://code.google.com/p/chromium/issues/detail?id=394597

BUG=none

Review URL: https://codereview.chromium.org/399993002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@283813 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoRevert "Switch to BoringSSL."
agl@chromium.org [Thu, 17 Jul 2014 00:20:36 +0000 (00:20 +0000)]
Revert "Switch to BoringSSL."

This reverts commit 283542.

This broke the WebView Android build.

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@283591 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoSwitch to BoringSSL.
agl@chromium.org [Wed, 16 Jul 2014 22:15:31 +0000 (22:15 +0000)]
Switch to BoringSSL.

(This is a much larger change than its diff suggests. If it breaks something, please revert first and ask questions later.)

R=davidben@chromium.org, eroman@chromium.org, rsleevi@chromium.org

Review URL: https://codereview.chromium.org/345063006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@283542 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoFix memory leaks when calling EVP_PKEY_get1_RSA.
davidben@chromium.org [Mon, 14 Jul 2014 21:01:52 +0000 (21:01 +0000)]
Fix memory leaks when calling EVP_PKEY_get1_RSA.

EVP_PKEY_get1_RSA passes the caller a reference that needs to be released
afterwards.

BUG=393659

Review URL: https://codereview.chromium.org/392653005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@283020 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoAdd GetSystemNSSKeySlot, merge GetPrivateNSSKeySlot/GetPublicNSSKeySlot to GetPersist...
mattm@chromium.org [Sun, 13 Jul 2014 07:19:00 +0000 (07:19 +0000)]
Add GetSystemNSSKeySlot, merge GetPrivateNSSKeySlot/GetPublicNSSKeySlot to GetPersistentNSSKeySlot.

GetSystemNSSKeySlot returns the ChromeOS system-wide TPM slot.

ChromeOS has separate slots for each user and linux doesn't have a public/private split, so GetPrivateNSSKeySlot no longer makes sense.

BUG=210525
TBR=stevenjb@chromium.org

Review URL: https://codereview.chromium.org/383593002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@282862 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoRemove usage of singleton software_slot_ in nss on ChromeOS
tbarzic@chromium.org [Sat, 12 Jul 2014 12:46:17 +0000 (12:46 +0000)]
Remove usage of singleton software_slot_ in nss on ChromeOS

Instead of opening primary user's public slot separately, do it like it's done
for other users: when InitializeNSSForChromeOSUser is called.

This makes primary user's public slot state not dependent on chromeos::TPMTokenLoader.

Also, with this, opening primary users public slot is not bound with enabling
TPM anymore, so the slot may get open for guest user and on Linux ChromeOS.

BUG=383663, 302062

Review URL: https://codereview.chromium.org/317613004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@282817 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoEliminate ScopedOpenSSL in favour of scoped_ptr<> specializations.
rsleevi@chromium.org [Thu, 10 Jul 2014 04:39:38 +0000 (04:39 +0000)]
Eliminate ScopedOpenSSL in favour of scoped_ptr<> specializations.

Match the NSS, CryptoAPI (Win) and Security (OS X) approaches by
declaring the scoped types as specializations of our existing scoped
classes.

Like NSS, this requires an intermediate helper type, because our
scoped_ptr<> doesn't accept deleter functions as template
arguments (though they are valid in C++11's unique_ptr<>). A few base
cryptographic (non-certificate) types are used in
scoped_openssl_types.h, while the remainder are left for
implementations to specialize as needed.

In an ideal world, this would be scoped_ptr<FOO, FOO_free>, but that
will require unique_ptr<> support.

BUG=388904

Review URL: https://codereview.chromium.org/361193003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@282257 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agocrypto: Add ECPrivateKey::Copy (not needed for OpenSSL) and
wtc@chromium.org [Tue, 24 Jun 2014 04:12:34 +0000 (04:12 +0000)]
crypto: Add ECPrivateKey::Copy (not needed for OpenSSL) and
ECPrivateKey::ExportRawPublicKey.

R=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/279973005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@279308 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 months agoMove all callers of GetHomeDir() to PathService::Get(base::DIR_HOME).
nkostylev@chromium.org [Tue, 27 May 2014 00:12:33 +0000 (00:12 +0000)]
Move all callers of GetHomeDir() to PathService::Get(base::DIR_HOME).

* Fixes GetHomeDir() for multi-profiles case on Chrome OS.
* Once user signs in on Chrome OS base::DIR_HOME is overridden with primary user homedir.
* Added content switch --homedir to pass that information to ppapi plugins since they
run in a separate process and previous base::DIR_HOME override does not apply there.

This fix doesn't require checking for --multi-profiles switch
since user_id hash is known even without it.

Note:
download_prefs.cc still uses GetHomeDir() in its DownloadPathIsDangerous() check.
// Consider downloads 'dangerous' if they go to the home directory on Linux and
// to the desktop on any platform.
In this context correct behavior is to use "real" base::GetHomeDir() and not "virtual one" base::DIR_HOME.
Since latter is remapped to some test dir in tests, in some subfolders in Chrome OS etc.

BUG=331530
TBR=vitalybuka@chromium.org

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=270872

Review URL: https://codereview.chromium.org/200473002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@272898 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 months agoFix component build with gcc 4.6 on Android.
aurimas@google.com [Thu, 22 May 2014 23:26:41 +0000 (23:26 +0000)]
Fix component build with gcc 4.6 on Android.

CRYPTO_EXPORT macro has to be before the non-void return type.

BUG=None
TBR=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/296223002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@272363 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 months agoEnable more targets in the Android GN build.
brettw@chromium.org [Thu, 22 May 2014 23:21:23 +0000 (23:21 +0000)]
Enable more targets in the Android GN build.

This enables some already-working targets and adds a missing cpufeatures dep to crypto to make it compile. I added a comment in the cpufeatures build file so I can find it more easily by grepping next time.

R=cjhopman@chromium.org

Review URL: https://codereview.chromium.org/291343002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@272362 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 months agoAdd OpenSSL BIO method that writes to a std::string.
mattm@chromium.org [Thu, 22 May 2014 04:36:07 +0000 (04:36 +0000)]
Add OpenSSL BIO method that writes to a std::string.

BUG=none

Review URL: https://codereview.chromium.org/286263006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@272100 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoImplemented profile-aware owner key loading.
ygorshenin@chromium.org [Wed, 21 May 2014 01:50:25 +0000 (01:50 +0000)]
Implemented profile-aware owner key loading.

BUG=230018
TEST=manual

Review URL: https://codereview.chromium.org/270663002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@271802 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoImplement SSL server socket over OpenSSL.
byungchul@chromium.org [Sat, 17 May 2014 16:02:08 +0000 (16:02 +0000)]
Implement SSL server socket over OpenSSL.

1) Mixed ssl_server_socket_nss.cc and ssl_client_socket_openssl.cc.
2) Moved common functions into openssl_util.cc.
3) Enabled SslServerSocketTest when USE_OPENSSL is defined.

BUG=

Review URL: https://codereview.chromium.org/274783002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@271218 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoRevert 270872 "Move all callers of GetHomeDir() to PathService::..."
benwells@chromium.org [Fri, 16 May 2014 06:32:59 +0000 (06:32 +0000)]
Revert 270872 "Move all callers of GetHomeDir() to PathService::..."

> Move all callers of GetHomeDir() to PathService::Get(base::DIR_HOME).
>
> * Fixes GetHomeDir() for multi-profiles case on Chrome OS.
> * Once user signs in on Chrome OS base::DIR_HOME is overridden with primary user homedir.
> * Added content switch --homedir to pass that information to ppapi plugins since they run in a separate process and previous base::DIR_HOME override does not apply there.
>
> This fix doesn't require checking for --multi-profiles switch
> since user_id hash is known even without it.
>
> BUG=331530
> TBR=vitalybuka@chromium.org
>
> Review URL: https://codereview.chromium.org/200473002

This test has caused two tests to start failing on the chromeos valgrind bots:
http://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%286%29/builds/25884
http://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%285%29/builds/26990

TBR=nkostylev@chromium.org

Review URL: https://codereview.chromium.org/284333002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@270951 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoMove all callers of GetHomeDir() to PathService::Get(base::DIR_HOME).
nkostylev@chromium.org [Fri, 16 May 2014 00:20:32 +0000 (00:20 +0000)]
Move all callers of GetHomeDir() to PathService::Get(base::DIR_HOME).

* Fixes GetHomeDir() for multi-profiles case on Chrome OS.
* Once user signs in on Chrome OS base::DIR_HOME is overridden with primary user homedir.
* Added content switch --homedir to pass that information to ppapi plugins since they run in a separate process and previous base::DIR_HOME override does not apply there.

This fix doesn't require checking for --multi-profiles switch
since user_id hash is known even without it.

BUG=331530
TBR=vitalybuka@chromium.org

Review URL: https://codereview.chromium.org/200473002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@270872 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoRemove {linux|android}_use_tcmalloc and switch to use_allocator in Chromium.
dmikurube@chromium.org [Wed, 7 May 2014 18:45:59 +0000 (18:45 +0000)]
Remove {linux|android}_use_tcmalloc and switch to use_allocator in Chromium.

If this change breaks some bots, please try restarting the
bot before reverting it. http://crrev.com/264460 may not be
effective yet until restarting.

See the bug and http://crrev.com/255129 for the details.

BUG=345554

Review URL: https://codereview.chromium.org/258433005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@268876 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoGN build improvements.
brettw@chromium.org [Wed, 30 Apr 2014 16:47:24 +0000 (16:47 +0000)]
GN build improvements.

Fixes a TODO about private symbols on GCC.

Moves many third party BUILD.gn files from the secondary tree to the main one.

Fixes the dependencies on Linux so "gn check" passes again.

BUG=367595
R=scottmg@chromium.org

Previous review: https://codereview.chromium.org/256153003/

Review URL: https://codereview.chromium.org/264463002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@267233 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoRemove unused bits implementing parts of RFC 4880
rsleevi@chromium.org [Mon, 28 Apr 2014 07:40:35 +0000 (07:40 +0000)]
Remove unused bits implementing parts of RFC 4880

BUG=none
R=wtc@chromium.org, brettw@chromium.org

Review URL: https://codereview.chromium.org/253643002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@266475 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoFix for 64-bits, 32-bit size_t assumption.
anton@chromium.org [Wed, 23 Apr 2014 19:47:55 +0000 (19:47 +0000)]
Fix for 64-bits, 32-bit size_t assumption.

BUG=362031, 346626

Review URL: https://codereview.chromium.org/239993005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@265710 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoMake GN's "check" run cleanly.
brettw@chromium.org [Tue, 22 Apr 2014 22:25:23 +0000 (22:25 +0000)]
Make GN's "check" run cleanly.

This fixes a bunch of minor issues, mostly header file dependencies for undeclared dependencies.

This also fixes some random TODOs.

R=scottmg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/246303005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@265382 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoWork on Mac GN build.
brettw@chromium.org [Thu, 17 Apr 2014 20:33:19 +0000 (20:33 +0000)]
Work on Mac GN build.

This fixes a lot of minor mistakes (mostly missing/extra files and flags) for the Mac GN build.

I separated out some clang flags into a config for extra clang warnings. Several of the third party libraries needed to remove this.

Removes the use_nss flag and uses !use_openssl. This is a result of discussion with rsleevi.

Removes extra duplicate net build file from secondary tree.

ui/gesture_events seems to be getting compiled in GN with more strict warnings than in GYP. Rather than fix this, I fixed the warning in the gesture recognizer unit test. It was returning a const copy (the const is pointless when you're copying).

This also removes a bunch of old GYP integration stuff that was left in the GN build.

R=scottmg@chromium.org

Review URL: https://codereview.chromium.org/239543013

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@264626 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoImplement net in GN build.
brettw@chromium.org [Tue, 15 Apr 2014 19:26:44 +0000 (19:26 +0000)]
Implement net in GN build.

This does the net target. I started doing some more that are commented out at the bottom, and there are a few more after that do do. The deps of these targets started to build up to an unreasonable level and this should be a good checkpoint.

Fix grit rule.

Fix SSL dependent configs

Add TLD cleanup

Add gconf and gio targets for Linux.

Add sources filtering for ChromeOS, .rc, and .mm files. Remove built-in code that removes .rc and .mm files (this wasn't quite complete so causes problems).

BUG=
R=scottmg@chromium.org

Review URL: https://codereview.chromium.org/236713002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@263967 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoAdd SSL support to the GN build
brettw@chromium.org [Mon, 14 Apr 2014 23:25:13 +0000 (23:25 +0000)]
Add SSL support to the GN build

This moves files from the secondary tree to the main one, and renames the "meta" one to //crypto:ssl. It also adds the crypto unit tests.

R=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/231673006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@263744 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoAllow empty keys in hmac_openssl.cc.
davidben@chromium.org [Thu, 10 Apr 2014 21:16:59 +0000 (21:16 +0000)]
Allow empty keys in hmac_openssl.cc.

PrefHashCalculator uses empty keys in developer builds. This fixes
Chrome startup in debug builds.

BUG=none

Review URL: https://codereview.chromium.org/231603002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@263085 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoGet rid of all component builds specific .isolate.
maruel@chromium.org [Fri, 4 Apr 2014 21:06:46 +0000 (21:06 +0000)]
Get rid of all component builds specific .isolate.

The status quo was unmaintainable.  These 'component build specific .isolate
files' are superseeded by tools/isolate_driver.py which packages dynamic
libraries automatically.

The new way is much more sane and dynamic, isolate_driver.py is currently very
crude but 'does the job', the expected way to make it work is to read the .ninja
files to extract all the dynamic libraries marked as a dependency to the main
target being executed.

TBR=csharp@chromium.org
BUG=333473

Review URL: https://codereview.chromium.org/226123004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@261871 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoIntroduce USE_OPENSSL_CERTS for certificate handling.
haavardm@opera.com [Fri, 28 Mar 2014 16:20:32 +0000 (16:20 +0000)]
Introduce USE_OPENSSL_CERTS for certificate handling.

See discussion at chromium issue 338885.

When USE_OPENSSL_CERTS is defined, X509::OSCertHandle is now
typedef'ed to struct X509*.

When USE_OPENSSL is defined, USE_OPENSSL_CERTS will now be
defined for linux and Android, while being off for Mac and
Windows. This allows OpenSSL to be used while leaving
certificate handling to the OS.

OpenSSL cert verifying code will only be used on Linux.

This patch does not change any default behavior.

Bug=none
Test=none

Review URL: https://codereview.chromium.org/206453002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@260152 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoRemove prtypes.h and prcpucfg*.h from base/third_party/nspr.
wtc@chromium.org [Tue, 25 Mar 2014 04:28:31 +0000 (04:28 +0000)]
Remove prtypes.h and prcpucfg*.h from base/third_party/nspr.

Copy the type and macro definitions we need to base/third_party/nspr/prtime.h.

Add chromium-prtypes.h to crypto/third_party/nss.

content/common/plugin_list_posix.cc doesn't need to include prcpucfg_linux.h.

R=ananta@chromium.org,mark@chromium.org,rsleevi@chromium.org

Review URL: https://codereview.chromium.org/209343003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@259148 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agocrypto.gyp: move openssl dependency into use_openssl section. Remove redundant source...
mattm@chromium.org [Sat, 22 Mar 2014 03:01:23 +0000 (03:01 +0000)]
crypto.gyp: move openssl dependency into use_openssl section. Remove redundant source excludes.

BUG=338888

Review URL: https://codereview.chromium.org/205813004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@258749 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoHack to allow ec_private_key_openssl loading keys generated with NSS.
mattm@chromium.org [Sat, 22 Mar 2014 02:42:47 +0000 (02:42 +0000)]
Hack to allow ec_private_key_openssl loading keys generated with NSS.

BUG=none

Review URL: https://codereview.chromium.org/205333002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@258739 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 months agoRemove unused SymmetricKey::CreateFromKey method.
mattm@chromium.org [Thu, 20 Mar 2014 21:55:32 +0000 (21:55 +0000)]
Remove unused SymmetricKey::CreateFromKey method.

BUG=none

Review URL: https://codereview.chromium.org/205763003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@258427 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 months agoMove more file_util functions to base namespace.
brettw@chromium.org [Thu, 13 Mar 2014 17:26:21 +0000 (17:26 +0000)]
Move more file_util functions to base namespace.

TBR=jam

Review URL: https://codereview.chromium.org/189333004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@256863 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 months agoBuild src/crypto for PNaCl
sergeyu@chromium.org [Wed, 12 Mar 2014 09:34:10 +0000 (09:34 +0000)]
Build src/crypto for PNaCl

The new crypto_nacl target builds crypto for PNaCl.

BUG=276739

Review URL: https://codereview.chromium.org/185233012

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@256485 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 months agoConvert most Chromium presubmit files to use new multiple-tryserver-compatible protocol
phajdan.jr@chromium.org [Tue, 11 Mar 2014 21:45:27 +0000 (21:45 +0000)]
Convert most Chromium presubmit files to use new multiple-tryserver-compatible protocol

BUG=334892
R=maruel@chromium.org

Review URL: https://codereview.chromium.org/194903007

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@256318 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 months agoAdd use_allocator instead of linux_use_tcmalloc to switch the allocator.
dmikurube@chromium.org [Wed, 5 Mar 2014 20:10:07 +0000 (20:10 +0000)]
Add use_allocator instead of linux_use_tcmalloc to switch the allocator.

This change is to add a new build option 'use_allocator' which will
replace 'linux_use_tcmalloc' in the future. It doesn't change the
behavior immediately. The migration plan is as follows:

1) (this change)
... Add 'use_allocator' and set its default to "see_use_tcmalloc".
... Change allocator conditions to check use_allocator firstly.
... Use linux_use_tcmalloc if use_allocator=="see_use_tcmalloc".
... NO IMPACT without specifying use_allocator explicitly.
2) Change Blink to accept use_allocator. http://crrev.com/177053003/
3) Change gyp to accept use_allocator. http://crrev.com/178643004/
4) PSA the transition period to chromium-dev@.
5) (after the PSA-ed transition period)
... Make 'use_allocator' to "tcmalloc" or "none" (it depends) by default.
... Remove all linux_use_tcmalloc.
... Assert in gyp_chromium to check if linux_use_tcmalloc is not specified.

At the point of this change (1), linux_use_tcmalloc is still used by default
because 'use_allocator%': "see_use_tcmalloc".

As written in http://crbug.com/345554, linux_use_tcmalloc would
be confusing to have more options about allocators. We plan to:
A) enable gperftools' heap-profiler with non-tcmalloc allocator,
B) add a new memory allocator instead of tcmalloc.

BUG=345554, 339604, 341349
R=agl@chromium.org, brettw@chromium.org, dgarrett@chromium.org, jam@chromium.org, jamesr@chromium.org, joi@chromium.org, miket@chromium.org, nick@chromium.org, rsleevi@chromium.org, scherkus@chromium.org, sergeyu@chromium.org, shess@chromium.org, sievers@chromium.org, sky@chromium.org, vitalybuka@chromium.org, willchan@chromium.org

Review URL: https://codereview.chromium.org/177353002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@255129 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 months agochromeos: Load chaps module and lookup TPM slots on the worker pool.
mattm@chromium.org [Thu, 27 Feb 2014 22:27:21 +0000 (22:27 +0000)]
chromeos: Load chaps module and lookup TPM slots on the worker pool.

BUG=345713

Review URL: https://codereview.chromium.org/181053002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@253942 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 months agoConvert scoped_ptr_malloc -> scoped_ptr, part 2.
viettrungluu@chromium.org [Wed, 26 Feb 2014 20:29:57 +0000 (20:29 +0000)]
Convert scoped_ptr_malloc -> scoped_ptr, part 2.

scoped_ptr_malloc is deprecated; let's get rid of it.

BUG=344245
R=brettw@chromium.org
TBR=rsleevi@chromium.org,miket@chromium.org,ryanmyers@chromium.org,dalecurtis@chromium.org, cpu@chromium.org

Review URL: https://codereview.chromium.org/169193002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@253582 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 months agoMake net_unittests_run work with component=shared_library.
maruel@chromium.org [Wed, 5 Feb 2014 23:33:48 +0000 (23:33 +0000)]
Make net_unittests_run work with component=shared_library.

Specifically, this adds support to run net_unittests isolated via 'isolate.py
run' when built with component build.

R=vadimsh@chromium.org,brettw@chromium.org,rsleevi@chromium.org
BUG=336439

Review URL: https://codereview.chromium.org/134003004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@249150 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 months agoUse file_util::GetFileSystemType() in crypto/nss_util.cc.
thestig@chromium.org [Wed, 5 Feb 2014 08:37:48 +0000 (08:37 +0000)]
Use file_util::GetFileSystemType() in crypto/nss_util.cc.

Review URL: https://codereview.chromium.org/147933003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@248923 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 months agoDisable noisy printf in nss_util.cc
danakj@chromium.org [Fri, 31 Jan 2014 22:29:02 +0000 (22:29 +0000)]
Disable noisy printf in nss_util.cc

This is printed in every browser test, and just adds noise. Switch it
to VLOG(1) so it's available when wanted.

R=rsleevi@chromium.org
BUG=339891

Review URL: https://codereview.chromium.org/148483008

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@248290 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 months agoChromeOS: Fix crash if login profile triggers client auth.
mattm@chromium.org [Tue, 14 Jan 2014 14:00:46 +0000 (14:00 +0000)]
ChromeOS: Fix crash if login profile triggers client auth.

The login profile (which is identified with an empty username_hash) does not have an entry in the chromeos_user_map_, which would cause a crash (or DCHECK) when GetPrivateSlotForChromeOSUser was called. GetPrivateSlotForChromeOSUser is changed to return a NULL slot handle for this case.

Updates NSSProfileFilterChromeOS to allow NULL slot handles, which it will now receive due to the above change.

BUG=331945,302125

Review URL: https://codereview.chromium.org/123633002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@244690 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 months agoAllow Win64 build of base library even in a Win32 build.
petewil@chromium.org [Thu, 9 Jan 2014 18:48:05 +0000 (18:48 +0000)]
Allow Win64 build of base library even in a Win32 build.

Some components of a 32 bit build of chrome for Windows need to be built
as Win64 Dlls.  To allow those components to use base, we make a Win64
build of the base library even when building chrome 32 bit.

This is needed by the Chrome Desk Band code. crbug.com/327435.
https://codereview.chromium.org/79173004/

BUG=327435

Review URL: https://codereview.chromium.org/103333004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@243936 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 months agocrypto: fix typo in unittest found by thakis's new compiler warning.
agl@chromium.org [Sat, 21 Dec 2013 12:34:45 +0000 (12:34 +0000)]
crypto: fix typo in unittest found by thakis's new compiler warning.

(Note: landing unreviewed because it's trivial, the weekend before Xmas
and I'll forget about it if I leave it until after the vacation.)

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@242277 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoAdd ClientCertStoreChromeOS which only returns the certs for a given user.
mattm@chromium.org [Tue, 17 Dec 2013 00:09:00 +0000 (00:09 +0000)]
Add ClientCertStoreChromeOS which only returns the certs for a given user.

BUG=302125

Review URL: https://codereview.chromium.org/112533002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@241080 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoUpdate keygen to use correct NSS slot on ChromeOS multiprofile.
mattm@chromium.org [Mon, 16 Dec 2013 13:05:27 +0000 (13:05 +0000)]
Update keygen to use correct NSS slot on ChromeOS multiprofile.

BUG=302126

Review URL: https://codereview.chromium.org/61643007

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@240868 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoFix location of NSS library on armhf linux.
sbc@chromium.org [Wed, 11 Dec 2013 04:53:35 +0000 (04:53 +0000)]
Fix location of NSS library on armhf linux.

BUG=327453
TEST=arm linux trybot

Review URL: https://codereview.chromium.org/111713006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@240018 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoInitialize per-ChromeOS-user NSS slots and provide the functions to access them.
mattm@google.com [Fri, 6 Dec 2013 22:24:07 +0000 (22:24 +0000)]
Initialize per-ChromeOS-user NSS slots and provide the functions to access them.

BUG=302124
R=mmenke@chromium.org, rsleevi@chromium.org, xiyuan@chromium.org

Review URL: https://codereview.chromium.org/53763003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@239266 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoMove directory creation functions to base namespace.
brettw@chromium.org [Tue, 3 Dec 2013 20:08:54 +0000 (20:08 +0000)]
Move directory creation functions to base namespace.

BUG=

Review URL: https://codereview.chromium.org/100573002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@238446 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoMove some more file utils to the base namespace.
brettw@chromium.org [Mon, 2 Dec 2013 18:55:49 +0000 (18:55 +0000)]
Move some more file utils to the base namespace.

This also swaps the order of the parameters to GetShmemTempDir so the out
parameter is last, and enhances some documentation.

Review URL: https://codereview.chromium.org/93263002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@238144 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoRemove crypto::GetTPMTokenInfo which is no longer necessary.
mattm@chromium.org [Mon, 25 Nov 2013 21:45:04 +0000 (21:45 +0000)]
Remove crypto::GetTPMTokenInfo which is no longer necessary.

BUG=none

Review URL: https://codereview.chromium.org/83833003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@237150 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agocrypto: disable NSS AES-NI support when AVX is disabled by OS.
agl@chromium.org [Fri, 22 Nov 2013 18:35:03 +0000 (18:35 +0000)]
crypto: disable NSS AES-NI support when AVX is disabled by OS.

When running under Xen, or with certain kernel configurations, it's possible
for the CPU to support AVX but for the operating system not to have configured
it. In this case, CPUID indicates that AVX support exists and NSS will try to
use it for AES-GCM. However, the first AVX instruction will cause an illegal
instruction exception.

This change works around the problem by disabling AES-NI support when AVX
support exists but is not supported by the OS. Sadly this also means that plain
AES instructions are also disabled in this case, but that's better than
crashing.

https://bugzilla.mozilla.org/show_bug.cgi?id=940794

BUG=320524

Review URL: https://codereview.chromium.org/79283002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@236794 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoRemove ChromeOS TPM slot unlock hacks that are unnecessary with chaps.
mattm@chromium.org [Thu, 21 Nov 2013 06:36:09 +0000 (06:36 +0000)]
Remove ChromeOS TPM slot unlock hacks that are unnecessary with chaps.

BUG=125848

Review URL: https://codereview.chromium.org/76693005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@236418 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agocrypto: enable NEON optimisations when supported by the platform.
agl@chromium.org [Wed, 20 Nov 2013 04:25:51 +0000 (04:25 +0000)]
crypto: enable NEON optimisations when supported by the platform.

BUG=310768

Review URL: https://codereview.chromium.org/65413008

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@236143 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 months agoNSS: {EC,RSA}PrivateKey shouldn't call crypto::GetPublicNSSKeySlot or GetPrivateNSSKe...
mattm@chromium.org [Wed, 13 Nov 2013 03:29:22 +0000 (03:29 +0000)]
NSS: {EC,RSA}PrivateKey shouldn't call crypto::GetPublicNSSKeySlot or GetPrivateNSSKeySlot.

Make ECPrivateKey use PK11_GetInternalKeySlot for temporary keys.
Make ECPrivateKey and RSAPrivateKey "sensitive" functions take slot as parameter.

This avoids calling non-thread-safe functions in nss_util on arbitrary threads.

Also removes the ANNOTATE_SCOPED_MEMORY_LEAK from RSAPrivateKey which should no longer be necessary.

BUG=125848,34742

Review URL: https://codereview.chromium.org/66213002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@234726 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 months agoStart adding threading checks to nss_util.
mattm@chromium.org [Tue, 12 Nov 2013 02:56:31 +0000 (02:56 +0000)]
Start adding threading checks to nss_util.

BUG=125848

Review URL: https://codereview.chromium.org/64723006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@234388 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 months agocrypto/nss_util: Get TPM slot id, do lookup by id instead of by name.
mattm@chromium.org [Fri, 25 Oct 2013 22:03:26 +0000 (22:03 +0000)]
crypto/nss_util: Get TPM slot id, do lookup by id instead of by name.

chromeos/cert_loader: store slot id as int.

BUG=302124

Review URL: https://codereview.chromium.org/36593002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@231126 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 months agocrypto: Implement ECSignatureCreatorImpl for OpenSSL
digit@chromium.org [Fri, 25 Oct 2013 17:26:08 +0000 (17:26 +0000)]
crypto: Implement ECSignatureCreatorImpl for OpenSSL

BUG=306176
TEST=crypto_unittests --gtest_filter=ECSignatureCreatorTest.*
R=rsleevi@chromium.org,agl@chromium.org,wtc@chromium.org

Review URL: https://codereview.chromium.org/43663005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@231048 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 months agoAdd ScopedPK11SlotList to scoped_nss_types.h
mattm@chromium.org [Wed, 23 Oct 2013 22:22:53 +0000 (22:22 +0000)]
Add ScopedPK11SlotList to scoped_nss_types.h

BUG=none

Review URL: https://codereview.chromium.org/33003004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@230524 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 months agoAdd missing include of algorithm for std::min
scottmg@chromium.org [Tue, 22 Oct 2013 03:43:59 +0000 (03:43 +0000)]
Add missing include of algorithm for std::min

Required to compile on VS2013.

TBR=rsleevi@chromium.org
BUG=288948

Review URL: https://codereview.chromium.org/33583004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@230036 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

11 months agoopenssl: Implement crypto::ECPrivateKey.
digit@chromium.org [Thu, 17 Oct 2013 16:09:24 +0000 (16:09 +0000)]
openssl: Implement crypto::ECPrivateKey.

BUG=306176
R=rsleevi@chromium.org, wtc@chromium.org, agl@chromium.org

Review URL: https://codereview.chromium.org/27195002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@229153 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

11 months agoUpdate the NSS bug number for the invalid read when AES-CBC decrypting.
wtc@chromium.org [Wed, 2 Oct 2013 19:42:52 +0000 (19:42 +0000)]
Update the NSS bug number for the invalid read when AES-CBC decrypting.

R=eroman@chromium.org
BUG=300681
TEST=none

Review URL: https://codereview.chromium.org/25637004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@226530 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

11 months agoPrevent invalid memory read when AES-CBC decrypting.
eroman@chromium.org [Tue, 1 Oct 2013 10:34:27 +0000 (10:34 +0000)]
Prevent invalid memory read when AES-CBC decrypting.

The issue happens when the ciphertext is not a multiple of the block size.

BUG=300681

Review URL: https://codereview.chromium.org/25164002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@226199 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

11 months agoRename "decypted" to "decrypted".
eroman@chromium.org [Mon, 30 Sep 2013 09:08:47 +0000 (09:08 +0000)]
Rename "decypted" to "decrypted".

I presume this was a typo that got replicated throughout encryptor_unittest.cc

BUG=NONE

Review URL: https://codereview.chromium.org/25163002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@225951 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

12 months agoadd missing #include of <algorithm>, needed on VS2013 for std::min
scottmg@chromium.org [Thu, 12 Sep 2013 22:51:37 +0000 (22:51 +0000)]
add missing #include of <algorithm>, needed on VS2013 for std::min

R=rsleevi@chromium.org
BUG=288948

Review URL: https://chromiumcodereview.appspot.com/23684060

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@222895 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

12 months agocrypto: Don't try to init NSS with nonexistent DB.
derat@chromium.org [Thu, 12 Sep 2013 20:32:22 +0000 (20:32 +0000)]
crypto: Don't try to init NSS with nonexistent DB.

This makes non-test Chrome OS images avoid trying to
initialize /etc/fake_root_ca/nssdb to avoid an "Error
initializing NSS with a persistent database
(sql:/etc/fake_root_ca/nssdb): NSS error code: -8174"
message that gets logged multiple times at startup.

BUG=none

Review URL: https://chromiumcodereview.appspot.com/23654019

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@222856 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

12 months agoConvert most run_all_unittests.cc files to use new unit test launcher.
phajdan.jr@chromium.org [Thu, 5 Sep 2013 18:20:36 +0000 (18:20 +0000)]
Convert most run_all_unittests.cc files to use new unit test launcher.

Note that the new code is still behind a runtime flag
(--brave-new-test-launcher), but compiling tests with support for it
will make further testing possible.

BUG=236893, 79359
R=akalin@chromium.org, enne@chromium.org, erikwright@chromium.org, joi@chromium.org, keybuk@chromium.org, sky@chromium.org, thestig@chromium.org, tommi@chromium.org, wtc@chromium.org, xhwang@chromium.org, yzshen@chromium.org

Review URL: https://codereview.chromium.org/23442019

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@221464 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoMake CryptohomeClientImplStub and ScopedTestNSSDB use the same TokenName.
pneubeck@chromium.org [Mon, 12 Aug 2013 14:09:19 +0000 (14:09 +0000)]
Make CryptohomeClientImplStub and ScopedTestNSSDB use the same TokenName.

This allows for tests which rely on CertLoader::IsHardwareBacked returning true.

BUG=NONE
R=agl@chromium.org, stevenjb@chromium.org

Review URL: https://codereview.chromium.org/22407013

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@216991 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoReland http://crrev.com/209278
rsleevi@chromium.org [Wed, 7 Aug 2013 22:57:00 +0000 (22:57 +0000)]
Reland http://crrev.com/209278

Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2

Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
ships 4.9.2 on stable, so this is the lower bound.

3.14.3 contains a number of important security fixes, and support for
older systems is no longer desirable.

BUG=245370
TBR=thestig@chromium.org, wtc@chromium.org

Review URL: https://chromiumcodereview.appspot.com/20615002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@216296 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months ago[MIPS] Add additional directory for NSS libraries
petarj@mips.com [Thu, 1 Aug 2013 02:46:46 +0000 (02:46 +0000)]
[MIPS] Add additional directory for NSS libraries

Add correct path for NSS libraries on MIPS.
Tested on Debian Wheezy.

BUG=130022
TEST=build and run Chromium

Review URL: https://chromiumcodereview.appspot.com/21029006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@214931 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoFix a bug where packing an extension with bad private key causes crash.
DHNishi@gmail.com [Wed, 31 Jul 2013 07:49:16 +0000 (07:49 +0000)]
Fix a bug where packing an extension with bad private key causes crash.
BUG=263968
TEST=PackExtensionTest.ExtensionWithInvalidKey

Review URL: https://chromiumcodereview.appspot.com/20794003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@214622 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agonet: fix buffer overflow in GHASH.
agl@chromium.org [Wed, 17 Jul 2013 18:10:23 +0000 (18:10 +0000)]
net: fix buffer overflow in GHASH.

Thanks to Joel Sing for noticing.

BUG=none
R=rtenneti@chromium.org

Review URL: https://codereview.chromium.org/19619003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@212090 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoIntroduce RSAPrivateKey::SignDigest
pfeldman@chromium.org [Tue, 9 Jul 2013 08:32:40 +0000 (08:32 +0000)]
Introduce RSAPrivateKey::SignDigest

BUG=258017
R=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/18697003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@210524 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoOpenSSL/NSS implementation of ProofVerfifier.
rtenneti@chromium.org [Wed, 3 Jul 2013 10:27:46 +0000 (10:27 +0000)]
OpenSSL/NSS implementation of ProofVerfifier.

Changes to make ProofVerifier asynchronous. Each QuicSession's ProofVerifier is used to verify the signature and cert chain.

Implemented generation counter in QuicCryptoClientConfig's CachedState in case certs change when we are verifying the Proof.

Review URL: https://chromiumcodereview.appspot.com/17385010

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209946 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoRevert 209515 "Reland http://crrev.com/209278"
rsleevi@chromium.org [Mon, 1 Jul 2013 23:23:37 +0000 (23:23 +0000)]
Revert 209515 "Reland http://crrev.com/209278"

> Reland http://crrev.com/209278
>
> Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2
>
> Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
> ships 4.9.2 on stable, so this is the lower bound.
>
> 3.14.3 contains a number of important security fixes, and support for
> older systems is no longer desirable.
>
> BUG=245370
> TBR=thestig@chromium.org, wtc@chromium.org
>
> Review URL: https://chromiumcodereview.appspot.com/18332012

TBR=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/18414004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209534 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoReland http://crrev.com/209278
rsleevi@chromium.org [Mon, 1 Jul 2013 22:06:48 +0000 (22:06 +0000)]
Reland http://crrev.com/209278

Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2

Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
ships 4.9.2 on stable, so this is the lower bound.

3.14.3 contains a number of important security fixes, and support for
older systems is no longer desirable.

BUG=245370
TBR=thestig@chromium.org, wtc@chromium.org

Review URL: https://chromiumcodereview.appspot.com/18332012

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209515 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoUse the HASH_ResultLenContext and HASH_GetType functions, now that they
wtc@chromium.org [Mon, 1 Jul 2013 07:40:09 +0000 (07:40 +0000)]
Use the HASH_ResultLenContext and HASH_GetType functions, now that they
are exported.

R=rsleevi@chromium.org
BUG=none
TEST=none

Review URL: https://chromiumcodereview.appspot.com/18181018

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209388 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoActually close the test NSS DB when ScopedTestNSSDB is destroyed
rsleevi@chromium.org [Sat, 29 Jun 2013 21:18:16 +0000 (21:18 +0000)]
Actually close the test NSS DB when ScopedTestNSSDB is destroyed

NSS 3.15.1 fixes all known errors with SECMOD_CloseUserDB, so it can
now be safely used again while testing

BUG=156433
R=mattm

Review URL: https://chromiumcodereview.appspot.com/18238002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209351 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoRevert 209278 "Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2"
joaodasilva@chromium.org [Sat, 29 Jun 2013 13:00:01 +0000 (13:00 +0000)]
Revert 209278 "Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2"

> Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2
>
> Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
> ships 4.9.2 on stable, so this is the lower bound.
>
> 3.14.3 contains a number of important security fixes, and support for
> older systems is no longer desirable.
>
> BUG=245370
> R=thestig@chromium.org, wtc@chromium.org
>
> Review URL: https://chromiumcodereview.appspot.com/18063013

TBR=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/18181019

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209282 4ff67af0-8c30-449e-8e8b-ad334ec8d88c