Move the core state machine of SSLClientSocketNSS into a thread-safe Core

NSS SSL functions may block on the underlying PKCS#11 modules or on
user input. On ChromeOS, which has a hardware TPM, calls may take upwards
of several seconds, preventing any IPC due to the I/O thread being
blocked.

To avoid blocking the I/O thread on ChromeOS, move the core SSL
implementation to a dedicated worker thread, so that only SSL sockets
are blocked.

BUG=122355
TEST=existing net_unittests + see bug.


Review URL: https://chromiumcodereview.appspot.com/10454066

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140697 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 11 insertions, 0 deletions

diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c
index 0cb46d6..fe6b6f5 100644
--- a/net/third_party/nss/ssl/sslinfo.c
+++ b/net/third_party/nss/ssl/sslinfo.c
@@ -376,8 +376,13 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
 	return SECFailure;
     }
 
+    ssl_GetRecvBufLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
     if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {
 	PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
+	ssl_ReleaseSSL3HandshakeLock(ss);
+	ssl_ReleaseRecvBufLock(ss);
 	return SECFailure;
     }
 
@@ -388,13 +393,17 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
     }
     val = PORT_Alloc(valLen);
     if (!val) {
+	ssl_ReleaseSSL3HandshakeLock(ss);
+	ssl_ReleaseRecvBufLock(ss);
 	return SECFailure;
     }
     i = 0;
+
     PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
     i += SSL3_RANDOM_LENGTH;
     PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
     i += SSL3_RANDOM_LENGTH;
+
     if (hasContext) {
 	val[i++] = contextLen >> 8;
 	val[i++] = contextLen;
@@ -415,6 +424,8 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
 					 valLen, out, outLen);
     }
     ssl_ReleaseSpecReadLock(ss);
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_ReleaseRecvBufLock(ss);
 
     PORT_ZFree(val, valLen);
     return rv;