Make USE_OPENSSL and USE_NSS mutually exclusive
- that is, defining use_openssl=1 will now remove all dependency on NSS.
This does not impact any of the standard, non-openssl builds.
Adds stub implementations of several files that need to be fully implemented in follow up patchs.
Firefox import code will need some more substatial refactoring, as it makes little sense to be
attempting a firefox import without NSS libraries to hand, however the UI etc has numerous assumption
about the presence of this importer.
BUG=None
TEST=None
Review URL: http://codereview.chromium.org/3855004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63506 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/base/base.gyp b/base/base.gyp
index 8e0b1e91..2de9b4b6 100644
--- a/base/base.gyp
+++ b/base/base.gyp
@@ -235,6 +235,11 @@
'win_util_unittest.cc',
],
}],
+ [ 'use_openssl==1', {
+ 'sources!': [
+ 'crypto/rsa_private_key_nss_unittest.cc',
+ ],
+ }],
],
},
{
diff --git a/base/base.gypi b/base/base.gypi
index 7280eb8..b9fad5e 100644
--- a/base/base.gypi
+++ b/base/base.gypi
@@ -391,23 +391,28 @@
'crypto/encryptor.h',
'crypto/encryptor_mac.cc',
'crypto/encryptor_nss.cc',
+ 'crypto/encryptor_openssl.cc',
'crypto/encryptor_win.cc',
'crypto/rsa_private_key.h',
'crypto/rsa_private_key.cc',
'crypto/rsa_private_key_mac.cc',
'crypto/rsa_private_key_nss.cc',
+ 'crypto/rsa_private_key_openssl.cc',
'crypto/rsa_private_key_win.cc',
'crypto/signature_creator.h',
'crypto/signature_creator_mac.cc',
'crypto/signature_creator_nss.cc',
+ 'crypto/signature_creator_openssl.cc',
'crypto/signature_creator_win.cc',
'crypto/signature_verifier.h',
'crypto/signature_verifier_mac.cc',
'crypto/signature_verifier_nss.cc',
+ 'crypto/signature_verifier_openssl.cc',
'crypto/signature_verifier_win.cc',
'crypto/symmetric_key.h',
'crypto/symmetric_key_mac.cc',
'crypto/symmetric_key_nss.cc',
+ 'crypto/symmetric_key_openssl.cc',
'crypto/symmetric_key_win.cc',
'third_party/nspr/prcpucfg.h',
'third_party/nspr/prcpucfg_win.h',
@@ -432,6 +437,7 @@
'hmac.h',
'hmac_mac.cc',
'hmac_nss.cc',
+ 'hmac_openssl.cc',
'hmac_win.cc',
'image_util.cc',
'image_util.h',
@@ -455,6 +461,7 @@
'setproctitle_linux.h',
'sha2.cc',
'sha2.h',
+ 'sha2_openssl.cc',
'string16.cc',
'string16.h',
'sync_socket.h',
@@ -512,6 +519,38 @@
'win_util.cc',
],
},],
+ [ 'use_openssl==1', {
+ # TODO(joth): Use a glob to match exclude patterns once the
+ # OpenSSL file set is complete.
+ 'sources!': [
+ 'crypto/encryptor_nss.cc',
+ 'crypto/rsa_private_key_nss.cc',
+ 'crypto/signature_creator_nss.cc',
+ 'crypto/signature_verifier_nss.cc',
+ 'crypto/symmetric_key_nss.cc',
+ 'hmac_nss.cc',
+ 'nss_util.cc',
+ 'nss_util.h',
+ # Note that sha2.cc depends on the NSS files bundled into
+ # chromium; it does not have the _nss postfix as it is required
+ # on platforms besides linux and *bsd.
+ 'sha2.cc',
+ 'third_party/nss/blapi.h',
+ 'third_party/nss/blapit.h',
+ 'third_party/nss/sha256.h',
+ 'third_party/nss/sha512.cc',
+ ],
+ }, {
+ 'sources!': [
+ 'crypto/encryptor_openssl.cc',
+ 'crypto/rsa_private_key_openssl.cc',
+ 'crypto/signature_creator_openssl.cc',
+ 'crypto/signature_verifier_openssl.cc',
+ 'crypto/symmetric_key_openssl.cc',
+ 'hmac_openssl.cc',
+ 'sha2_openssl.cc',
+ ],
+ },],
],
}],
],
@@ -550,12 +589,21 @@
},
},
],
+ [ 'use_openssl==1', {
+ 'dependencies': [
+ '../build/linux/system.gyp:openssl',
+ ],
+ }, { # use_openssl==0
+ 'dependencies': [
+ '../build/linux/system.gyp:nss',
+ ],
+ }
+ ],
],
'dependencies': [
'symbolize',
'../build/util/build_util.gyp:lastchange',
'../build/linux/system.gyp:gtk',
- '../build/linux/system.gyp:nss',
'xdg_mime',
],
'export_dependent_settings': [
diff --git a/base/crypto/encryptor_openssl.cc b/base/crypto/encryptor_openssl.cc
new file mode 100644
index 0000000..71a84be7
--- /dev/null
+++ b/base/crypto/encryptor_openssl.cc
@@ -0,0 +1,32 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/encryptor.h"
+
+#include "base/logging.h"
+
+namespace base {
+
+Encryptor::Encryptor() {
+}
+
+Encryptor::~Encryptor() {
+}
+
+bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+} // namespace base
diff --git a/base/crypto/rsa_private_key_openssl.cc b/base/crypto/rsa_private_key_openssl.cc
new file mode 100644
index 0000000..ec1d8b5d
--- /dev/null
+++ b/base/crypto/rsa_private_key_openssl.cc
@@ -0,0 +1,79 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/rsa_private_key.h"
+
+#include "base/logging.h"
+
+namespace base {
+
+// static
+RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits,
+ bool permanent,
+ bool sensitive) {
+ NOTIMPLEMENTED();
+ return NULL;
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) {
+ return CreateWithParams(num_bits,
+ false /* not permanent */,
+ false /* not sensitive */);
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) {
+ return CreateWithParams(num_bits,
+ true /* permanent */,
+ true /* sensitive */);
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams(
+ const std::vector<uint8>& input, bool permanent, bool sensitive) {
+ NOTIMPLEMENTED();
+ return NULL;
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
+ const std::vector<uint8>& input) {
+ return CreateFromPrivateKeyInfoWithParams(input,
+ false /* not permanent */,
+ false /* not sensitive */);
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo(
+ const std::vector<uint8>& input) {
+ return CreateFromPrivateKeyInfoWithParams(input,
+ true /* permanent */,
+ true /* seneitive */);
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
+ const std::vector<uint8>& input) {
+ NOTIMPLEMENTED();
+ return NULL;
+}
+
+RSAPrivateKey::RSAPrivateKey() {
+}
+
+RSAPrivateKey::~RSAPrivateKey() {
+}
+
+bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+} // namespace base
diff --git a/base/crypto/signature_creator_openssl.cc b/base/crypto/signature_creator_openssl.cc
new file mode 100644
index 0000000..5d70f01
--- /dev/null
+++ b/base/crypto/signature_creator_openssl.cc
@@ -0,0 +1,32 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/signature_creator.h"
+
+#include "base/logging.h"
+
+namespace base {
+
+// static
+SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key) {
+ return NULL;
+}
+
+SignatureCreator::SignatureCreator() {
+}
+
+SignatureCreator::~SignatureCreator() {
+}
+
+bool SignatureCreator::Update(const uint8* data_part, int data_part_len) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+bool SignatureCreator::Final(std::vector<uint8>* signature) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+} // namespace base
diff --git a/base/crypto/signature_verifier_openssl.cc b/base/crypto/signature_verifier_openssl.cc
new file mode 100644
index 0000000..49b5e07
--- /dev/null
+++ b/base/crypto/signature_verifier_openssl.cc
@@ -0,0 +1,41 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/signature_verifier.h"
+
+#include "base/logging.h"
+
+namespace base {
+
+SignatureVerifier::SignatureVerifier() {
+}
+
+SignatureVerifier::~SignatureVerifier() {
+}
+
+bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
+ int signature_algorithm_len,
+ const uint8* signature,
+ int signature_len,
+ const uint8* public_key_info,
+ int public_key_info_len) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+void SignatureVerifier::VerifyUpdate(const uint8* data_part,
+ int data_part_len) {
+ NOTIMPLEMENTED();
+}
+
+bool SignatureVerifier::VerifyFinal() {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+void SignatureVerifier::Reset() {
+ NOTIMPLEMENTED();
+}
+
+} // namespace base
diff --git a/base/crypto/symmetric_key.h b/base/crypto/symmetric_key.h
index d7259be..3f2be76 100644
--- a/base/crypto/symmetric_key.h
+++ b/base/crypto/symmetric_key.h
@@ -65,7 +65,10 @@
bool GetRawKey(std::string* raw_key);
private:
-#if defined(USE_NSS)
+#if defined(USE_OPENSSL)
+ // TODO(joth): Add a constructor that accepts OpenSSL symmetric key data, and
+ // the appropriate data members to store it in.
+#elif defined(USE_NSS)
explicit SymmetricKey(PK11SymKey* key);
ScopedPK11SymKey key_;
#elif defined(OS_MACOSX)
diff --git a/base/crypto/symmetric_key_openssl.cc b/base/crypto/symmetric_key_openssl.cc
new file mode 100644
index 0000000..591252d
--- /dev/null
+++ b/base/crypto/symmetric_key_openssl.cc
@@ -0,0 +1,43 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/symmetric_key.h"
+
+#include "base/logging.h"
+
+namespace base {
+
+SymmetricKey::~SymmetricKey() {
+}
+
+// static
+SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm,
+ size_t key_size_in_bits) {
+ NOTIMPLEMENTED();
+ return NULL;
+}
+
+// static
+SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
+ const std::string& password,
+ const std::string& salt,
+ size_t iterations,
+ size_t key_size_in_bits) {
+ NOTIMPLEMENTED();
+ return NULL;
+}
+
+// static
+SymmetricKey* SymmetricKey::Import(Algorithm algorithm,
+ const std::string& raw_key) {
+ NOTIMPLEMENTED();
+ return NULL;
+}
+
+bool SymmetricKey::GetRawKey(std::string* raw_key) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+} // namespace base
diff --git a/base/hmac_openssl.cc b/base/hmac_openssl.cc
new file mode 100644
index 0000000..f45d3a7
--- /dev/null
+++ b/base/hmac_openssl.cc
@@ -0,0 +1,57 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/hmac.h"
+
+#include <openssl/hmac.h>
+
+#include <algorithm>
+#include <vector>
+
+#include "base/logging.h"
+#include "base/openssl_util.h"
+#include "base/scoped_ptr.h"
+#include "base/stl_util-inl.h"
+
+namespace base {
+
+struct HMACPlatformData {
+ std::vector<unsigned char> key;
+};
+
+HMAC::HMAC(HashAlgorithm hash_alg)
+ : hash_alg_(hash_alg), plat_(new HMACPlatformData()) {
+ // Only SHA-1 and SHA-256 hash algorithms are supported now.
+ DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256);
+}
+
+bool HMAC::Init(const unsigned char* key, int key_length) {
+ // Init must not be called more than once on the same HMAC object.
+ DCHECK(plat_->key.empty());
+
+ plat_->key.assign(key, key + key_length);
+ return true;
+}
+
+HMAC::~HMAC() {
+ // Zero out key copy.
+ plat_->key.assign(plat_->key.size(), 0);
+ STLClearObject(&plat_->key);
+}
+
+bool HMAC::Sign(const std::string& data,
+ unsigned char* digest,
+ int digest_length) {
+ DCHECK_GE(digest_length, 0);
+ DCHECK(!plat_->key.empty()); // Init must be called before Sign.
+
+ ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> result(digest, digest_length);
+ return ::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(),
+ &plat_->key[0], plat_->key.size(),
+ reinterpret_cast<const unsigned char*>(data.data()),
+ data.size(),
+ result.safe_buffer(), NULL);
+}
+
+} // namespace base
diff --git a/base/openssl_util.h b/base/openssl_util.h
new file mode 100644
index 0000000..4f564cf6
--- /dev/null
+++ b/base/openssl_util.h
@@ -0,0 +1,53 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_OPENNSSL_UTIL_H_
+#define BASE_OPENNSSL_UTIL_H_
+#pragma once
+
+#include "base/basictypes.h"
+
+namespace base {
+
+// Provides a buffer of at least MIN_SIZE bytes, for use when calling OpenSSL's
+// SHA256, HMAC, etc functions, adapting the buffer sizing rules to meet those
+// of the our base wrapper APIs.
+// This allows the library to write directly to the caller's buffer if it is of
+// sufficient size, but if not it will write to temporary |min_sized_buffer_|
+// of required size and then its content is automatically copied out on
+// destruction, with truncation as appropriate.
+template<int MIN_SIZE>
+class ScopedOpenSSLSafeSizeBuffer {
+ public:
+ ScopedOpenSSLSafeSizeBuffer(unsigned char* output, size_t output_len)
+ : output_(output),
+ output_len_(output_len) {
+ }
+
+ ~ScopedOpenSSLSafeSizeBuffer() {
+ if (output_len_ < MIN_SIZE) {
+ // Copy the temporary buffer out, truncating as needed.
+ memcpy(output_, min_sized_buffer_, output_len_);
+ }
+ // else... any writing already happened directly into |output_|.
+ }
+
+ unsigned char* safe_buffer() {
+ return output_len_ < MIN_SIZE ? min_sized_buffer_ : output_;
+ }
+
+ private:
+ // Pointer to the caller's data area and it's associated size, where data
+ // written via safe_buffer() will [eventually] end up.
+ unsigned char* output_;
+ size_t output_len_;
+
+ // Temporary buffer writen into in the case where the caller's
+ // buffer is not of sufficient size.
+ unsigned char min_sized_buffer_[MIN_SIZE];
+};
+
+} // namespace base
+
+#endif // BASE_NSS_UTIL_H_
diff --git a/base/sha2_openssl.cc b/base/sha2_openssl.cc
new file mode 100644
index 0000000..afbce2f
--- /dev/null
+++ b/base/sha2_openssl.cc
@@ -0,0 +1,30 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/sha2.h"
+
+#include <openssl/ssl.h>
+
+#include "base/basictypes.h"
+#include "base/openssl_util.h"
+#include "base/stl_util-inl.h"
+
+namespace base {
+
+void SHA256HashString(const std::string& str, void* output, size_t len) {
+ COMPILE_ASSERT(SHA256_LENGTH == SHA256_DIGEST_LENGTH,
+ API_and_OpenSSL_SHA256_lengths_must_match);
+ ScopedOpenSSLSafeSizeBuffer<SHA256_DIGEST_LENGTH> result(
+ reinterpret_cast<unsigned char*>(output), len);
+ ::SHA256(reinterpret_cast<const unsigned char*>(str.data()), str.size(),
+ result.safe_buffer());
+}
+
+std::string SHA256HashString(const std::string& str) {
+ std::string output(SHA256_LENGTH, 0);
+ SHA256HashString(str, string_as_array(&output), output.size());
+ return output;
+}
+
+} // namespace base
diff --git a/build/all.gyp b/build/all.gyp
index 26ded8e6..7174137c3 100644
--- a/build/all.gyp
+++ b/build/all.gyp
@@ -20,7 +20,6 @@
'../jingle/jingle.gyp:*',
'../media/media.gyp:*',
'../net/net.gyp:*',
- '../net/third_party/nss/ssl.gyp:*',
'../printing/printing.gyp:*',
'../sdch/sdch.gyp:*',
'../skia/skia.gyp:*',
@@ -134,6 +133,11 @@
'../remoting/remoting.gyp:*',
],
}],
+ ['use_openssl!=1', {
+ 'dependencies': [
+ '../net/third_party/nss/ssl.gyp:*',
+ ],
+ }],
],
},
],
diff --git a/build/build_config.h b/build/build_config.h
index a3ddc2b3..e2d26cb 100644
--- a/build/build_config.h
+++ b/build/build_config.h
@@ -47,10 +47,16 @@
#if defined(OS_LINUX) || defined(OS_FREEBSD) || defined(OS_OPENBSD) || \
defined(OS_SOLARIS)
-#define USE_NSS 1 // Use NSS for crypto.
+#if !defined(USE_OPENSSL)
+#define USE_NSS 1 // Default to use NSS for crypto, unless OpenSSL is chosen.
+#endif
#define USE_X11 1 // Use X for graphics.
#endif
+#if defined(USE_OPENSSL) && defined(USE_NSS)
+#error Cannot use both OpenSSL and NSS
+#endif
+
// For access to standard POSIXish features, use OS_POSIX instead of a
// more specific macro.
#if defined(OS_MACOSX) || defined(OS_LINUX) || defined(OS_FREEBSD) || \
diff --git a/chrome/app/chrome_dll_main.cc b/chrome/app/chrome_dll_main.cc
index d63c3cef..0d59516 100644
--- a/chrome/app/chrome_dll_main.cc
+++ b/chrome/app/chrome_dll_main.cc
@@ -926,8 +926,10 @@
ZygoteHost* zhost = Singleton<ZygoteHost>::get();
zhost->Init(sandbox_cmd);
+#if defined(USE_NSS)
// We want to be sure to init NSPR on the main thread.
base::EnsureNSPRInit();
+#endif
g_thread_init(NULL);
// Glib type system initialization. Needed at least for gconf,
diff --git a/chrome/browser/dom_ui/options/advanced_options_handler.cc b/chrome/browser/dom_ui/options/advanced_options_handler.cc
index c5b950f3..15a297c0 100644
--- a/chrome/browser/dom_ui/options/advanced_options_handler.cc
+++ b/chrome/browser/dom_ui/options/advanced_options_handler.cc
@@ -239,7 +239,7 @@
NewCallback(this,
&AdvancedOptionsHandler::HandleMetricsReportingCheckbox));
#endif
-#if !defined(USE_NSS)
+#if !defined(USE_NSS) && !defined(USE_OPENSSL)
dom_ui_->RegisterMessageCallback("showManageSSLCertificates",
NewCallback(this,
&AdvancedOptionsHandler::ShowManageSSLCertificates));
@@ -404,7 +404,7 @@
}
#endif
-#if !defined(USE_NSS)
+#if !defined(USE_NSS) && !defined(USE_OPENSSL)
void AdvancedOptionsHandler::ShowManageSSLCertificates(const ListValue* args) {
UserMetricsRecordAction(UserMetricsAction("Options_ManageSSLCertificates"));
AdvancedOptionsUtilities::ShowManageSSLCertificates(dom_ui_->tab_contents());
diff --git a/chrome/browser/importer/nss_decryptor.h b/chrome/browser/importer/nss_decryptor.h
index 8361d17..9896a14 100644
--- a/chrome/browser/importer/nss_decryptor.h
+++ b/chrome/browser/importer/nss_decryptor.h
@@ -12,6 +12,13 @@
#include "chrome/browser/importer/nss_decryptor_mac.h"
#elif defined(OS_WIN)
#include "chrome/browser/importer/nss_decryptor_win.h"
+#elif defined(USE_OPENSSL)
+// TODO(joth): It should be an error to include this file with USE_OPENSSL
+// defined. (Unless there is a way to do nss decrypt with OpenSSL). Ideally
+// we remove the importers that depend on NSS when doing USE_OPENSSL builds, but
+// that is going to take some non-trivial refactoring so in the meantime we're
+// just falling back to a no-op implementation.
+#include "chrome/browser/importer/nss_decryptor_null.h"
#elif defined(USE_NSS)
#include "chrome/browser/importer/nss_decryptor_system_nss.h"
#endif
diff --git a/chrome/browser/importer/nss_decryptor_null.h b/chrome/browser/importer/nss_decryptor_null.h
new file mode 100644
index 0000000..155f1e0
--- /dev/null
+++ b/chrome/browser/importer/nss_decryptor_null.h
@@ -0,0 +1,40 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_IMPORTER_NSS_DECRYPTOR_NULL_H_
+#define CHROME_BROWSER_IMPORTER_NSS_DECRYPTOR_NULL_H_
+#pragma once
+
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/string16.h"
+
+class FilePath;
+
+namespace webkit_glue {
+struct PasswordForm;
+}
+
+// A NULL wrapper for Firefox NSS decrypt component, for use in builds where
+// we do not have the NSS library.
+class NSSDecryptor {
+ public:
+ NSSDecryptor() {}
+ bool Init(const std::wstring& /* dll_path */,
+ const std::wstring& db_path) { return false; }
+ string16 Decrypt(const std::string& crypt) const { return string16(); }
+ void ParseSignons(const std::string& content,
+ std::vector<webkit_glue::PasswordForm>* forms) {}
+ bool ReadAndParseSignons(const FilePath& sqlite_file,
+ std::vector<webkit_glue::PasswordForm>* forms) {
+ return false;
+ }
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(NSSDecryptor);
+};
+
+#endif // CHROME_BROWSER_IMPORTER_NSS_DECRYPTOR_NULL_H_
diff --git a/chrome/browser/sync/util/nigori.cc b/chrome/browser/sync/util/nigori.cc
index 77cca2b..49ed1db 100644
--- a/chrome/browser/sync/util/nigori.cc
+++ b/chrome/browser/sync/util/nigori.cc
@@ -6,6 +6,8 @@
#if defined(OS_WIN)
#include <winsock2.h> // for htonl
+#else
+#include <arpa/inet.h>
#endif
#include <sstream>
diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi
index 3fe2650..7809a68 100644
--- a/chrome/chrome_browser.gypi
+++ b/chrome/chrome_browser.gypi
@@ -4080,6 +4080,13 @@
'browser/importer/ie_importer.cc',
],
}],
+ [ 'use_openssl==1', {
+ 'sources!': [
+ 'browser/importer/nss_decryptor.cc',
+ 'browser/importer/nss_decryptor_system_nss.cc',
+ 'browser/importer/nss_decryptor_system_nss.h',
+ ],
+ }],
],
},
{
diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc
index 27bc3b7f..a26a4d8 100644
--- a/chrome/common/pref_names.cc
+++ b/chrome/common/pref_names.cc
@@ -212,9 +212,9 @@
// Boolean pref indicating if instant is enabled.
const char kInstantEnabled[] = "instant.enabled";
-#if defined(USE_NSS)
+#if defined(USE_NSS) || defined(USE_OPENSSL)
// Prefs for SSLConfigServicePref. Currently, these are only present on
-// and used by NSS-using OSes.
+// and used by NSS/OpenSSL using OSes.
const char kCertRevocationCheckingEnabled[] = "ssl.rev_checking.enabled";
const char kSSL2Enabled[] = "ssl.ssl2.enabled";
const char kSSL3Enabled[] = "ssl.ssl3.enabled";
diff --git a/chrome/common/pref_names.h b/chrome/common/pref_names.h
index 7f7acdc..52adbc36 100644
--- a/chrome/common/pref_names.h
+++ b/chrome/common/pref_names.h
@@ -75,7 +75,7 @@
extern const char kCookiePromptExpanded[];
extern const char kInstantConfirmDialogShown[];
extern const char kInstantEnabled[];
-#if defined(USE_NSS)
+#if defined(USE_NSS) || defined(USE_OPENSSL)
extern const char kCertRevocationCheckingEnabled[];
extern const char kSSL2Enabled[];
extern const char kSSL3Enabled[];
diff --git a/net/base/cert_database.h b/net/base/cert_database.h
index 377c0a8..409ed91 100644
--- a/net/base/cert_database.h
+++ b/net/base/cert_database.h
@@ -67,7 +67,7 @@
// the platform cert database, or possibly other network error codes.
int AddUserCert(X509Certificate* cert);
-#if defined(USE_NSS)
+#if defined(USE_NSS) || defined(USE_OPENSSL)
// Get a list of unique certificates in the certificate database. (One
// instance of all certificates.)
void ListCerts(CertificateList* certs);
diff --git a/net/base/cert_test_util.h b/net/base/cert_test_util.h
index 45c8ed3..8709156d 100644
--- a/net/base/cert_test_util.h
+++ b/net/base/cert_test_util.h
@@ -14,7 +14,7 @@
class X509Certificate;
-#if defined(USE_NSS) || defined(OS_MACOSX)
+#if defined(USE_NSS) || defined(OS_MACOSX) || defined(USE_OPENSSL)
// Loads and trusts a root CA certificate (stored in a file) temporarily.
// TODO(wtc): Implement this function on Windows (http://crbug.com/8470).
X509Certificate* LoadTemporaryRootCert(const FilePath& filename);
diff --git a/net/http/des.cc b/net/http/des.cc
index 775f902..11d7a26 100644
--- a/net/http/des.cc
+++ b/net/http/des.cc
@@ -84,7 +84,14 @@
key[7] = DESSetKeyParity((raw[6] << 1));
}
-#if defined(USE_NSS)
+#if defined(USE_OPENSSL)
+
+void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) {
+ // TODO(joth): When implementing consider splitting up this file by platform.
+ NOTIMPLEMENTED();
+}
+
+#elif defined(USE_NSS)
void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) {
CK_MECHANISM_TYPE cipher_mech = CKM_DES_ECB;
diff --git a/net/net.gyp b/net/net.gyp
index 3c191896..8e01f57 100644
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -232,9 +232,19 @@
'dependencies': [
'../build/linux/system.gyp:gconf',
'../build/linux/system.gyp:gdk',
- '../build/linux/system.gyp:nss',
'../build/linux/system.gyp:libresolv',
],
+ 'conditions': [
+ ['use_openssl==1', {
+ 'dependencies': [
+ '../build/linux/system.gyp:openssl',
+ ],
+ }, { # else: not using openssl. Use NSS.
+ 'dependencies': [
+ '../build/linux/system.gyp:nss',
+ ],
+ }],
+ ],
},
{ # else: OS is not in the above list
'sources!': [
@@ -252,12 +262,14 @@
],
},
],
- [ 'use_openssl == 1 and OS == "linux"', {
- # When building for OpenSSL, we need to exclude some NSS files.
- # TODO(bulach): remove once we fully support OpenSSL.
+ [ 'use_openssl==1', {
'sources!': [
'base/cert_database_nss.cc',
+ 'base/dnssec_keyset.cc',
+ 'base/dnssec_keyset.h',
'base/keygen_handler_nss.cc',
+ 'base/nss_memio.c',
+ 'base/nss_memio.h',
'base/x509_certificate_nss.cc',
'third_party/mozilla_security_manager/nsKeygenHandler.cpp',
'third_party/mozilla_security_manager/nsKeygenHandler.h',
@@ -269,7 +281,7 @@
'third_party/mozilla_security_manager/nsPKCS12Blob.h',
],
},
- { # else: not using openssl.
+ { # else: not using openssl.
'sources!': [
'base/cert_database_openssl.cc',
'base/keygen_handler_openssl.cc',
@@ -701,7 +713,7 @@
'proxy/proxy_config_service_linux.h',
],
}],
- ['use_openssl==1 and OS == "linux"', {
+ ['use_openssl==1', {
'dependencies': [
'../build/linux/system.gyp:openssl',
],
@@ -972,11 +984,13 @@
}],
],
}],
- [ 'use_openssl == 1 and OS == "linux"', {
- # When building for OpenSSL, we need to exclude some NSS files.
- # TODO(bulach): remove once we fully support OpenSSL.
+ [ 'use_openssl==1', {
+ # When building for OpenSSL, we need to exclude NSS specific tests.
+ # TODO(bulach): Add equivalent tests when the underlying
+ # functionality is ported to OpenSSL.
'sources!': [
'base/cert_database_nss_unittest.cc',
+ 'base/dnssec_unittest.cc',
],
},
],
@@ -1146,8 +1160,16 @@
],
}],
['OS == "linux" or OS == "freebsd" or OS == "openbsd"', {
- 'dependencies': [
- '../build/linux/system.gyp:nss',
+ 'conditions': [
+ ['use_openssl==1', {
+ 'dependencies': [
+ '../build/linux/system.gyp:openssl',
+ ]
+ }, {
+ 'dependencies': [
+ '../build/linux/system.gyp:nss',
+ ],
+ }],
],
}],
['OS == "linux"', {
@@ -1159,11 +1181,6 @@
}],
],
}],
- ['use_openssl == 1 and OS == "linux"', {
- 'dependencies': [
- '../build/linux/system.gyp:openssl',
- ]
- }],
],
},
{