Fix nits in crypto::InitNSSSafely().

Some comments in https://chromiumcodereview.appspot.com/11411013/ were not addressed before the CL landed, so do that now. BUG=None TEST=content_browsertests NOTRY=true Review URL: https://chromiumcodereview.appspot.com/11418212 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@170129 0039d316-1c4b-4281-b951-d872f2087c98
Denger-Network · Nov 29, 2012 · 2fdd99e · 2fdd99e
1 parent 8965dfc
commit 2fdd99e
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 12 deletions.
diff --git a/content/ppapi_plugin/ppapi_plugin_main.cc b/content/ppapi_plugin/ppapi_plugin_main.cc
@@ -84,7 +84,7 @@ int PpapiPluginMain(const MainFunctionParams& parameters) {
 #if defined(OS_LINUX) && defined(USE_NSS)
   // Some out-of-process PPAPI plugins use NSS.
   // NSS must be initialized before enabling the sandbox below.
-  crypto::WarmUpNSSSafely();
+  crypto::InitNSSSafely();
 #endif
 
   // Allow the embedder to perform any necessary per-process initialization

diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
@@ -650,15 +650,15 @@ void EnsureNSPRInit() {
   g_nspr_singleton.Get();
 }
 
-void WarmUpNSSSafely() {
+void InitNSSSafely() {
   // We might fork, but we haven't loaded any security modules.
-  crypto::DisableNSSForkCheck();
+  DisableNSSForkCheck();
   // If we're sandboxed, we shouldn't be able to open user security modules,
   // but it's more correct to tell NSS to not even try.
   // Loading user security modules would have security implications.
-  crypto::ForceNSSNoDBInit();
+  ForceNSSNoDBInit();
   // Initialize NSS.
-  crypto::EnsureNSSInit();
+  EnsureNSSInit();
 }
 
 void EnsureNSSInit() {

diff --git a/crypto/nss_util.h b/crypto/nss_util.h
@@ -36,15 +36,16 @@ CRYPTO_EXPORT void EarlySetupForNSSInit();
 // thread-safe, and NSPR will only ever be initialized once.
 CRYPTO_EXPORT void EnsureNSPRInit();
 
-// Initialize NSS safely for strict sandboxing.  This function makes sure that
-// NSS is initialized safely and will have proper entropy in a restricted,
-// sandboxed environment.
+// Initialize NSS safely for strict sandboxing.  This function tells NSS to not
+// load user security modules, and makes sure NSS will have proper entropy in a
+// restricted, sandboxed environment.
 //
 // As a defense in depth measure, this function should be called in a sandboxed
-// environment to make sure NSS will not load security modules that could
-// expose private data and keys.  Make sure to get an LGTM from Security
-// if you use this.
-CRYPTO_EXPORT void WarmUpNSSSafely();
+// environment.  That way, in the event of a bug, NSS will still not be able to
+// load security modules that could expose private data and keys.
+//
+// Make sure to get an LGTM from the Chrome Security Team if you use this.
+CRYPTO_EXPORT void InitNSSSafely();
 
 // Initialize NSS if it isn't already initialized.  This must be called before
 // any other NSS functions.  This function is thread-safe, and NSS will only