diff options
Diffstat (limited to 'base/crypto')
| -rw-r--r-- | base/crypto/cssm_init.cc | 24 | ||||
| -rw-r--r-- | base/crypto/cssm_init.h | 9 |
2 files changed, 33 insertions, 0 deletions
diff --git a/base/crypto/cssm_init.cc b/base/crypto/cssm_init.cc index 510ae0c..b04cbe7 100644 --- a/base/crypto/cssm_init.cc +++ b/base/crypto/cssm_init.cc @@ -6,6 +6,7 @@ #include <Security/SecBase.h> +#include "base/lock.h" #include "base/logging.h" #include "base/singleton.h" #include "base/sys_string_conversions.h" @@ -75,6 +76,25 @@ class CSSMInitSingleton { CSSM_CSP_HANDLE csp_handle_; }; +// This singleton is separate as it pertains to Apple's wrappers over +// their own CSSM handles, as opposed to our own CSSM_CSP_HANDLE. +class SecurityServicesSingleton { + public: + ~SecurityServicesSingleton() {} + + Lock& lock() { return lock_; } + + private: + friend class Singleton<SecurityServicesSingleton>; + friend struct DefaultSingletonTraits<SecurityServicesSingleton>; + + SecurityServicesSingleton() {} + + Lock lock_; + + DISALLOW_COPY_AND_ASSIGN(SecurityServicesSingleton); +}; + } // namespace namespace base { @@ -124,4 +144,8 @@ void LogCSSMError(const char *fn_name, CSSM_RETURN err) { } } +Lock& GetMacSecurityServicesLock() { + return Singleton<SecurityServicesSingleton>::get()->lock(); +} + } // namespace base diff --git a/base/crypto/cssm_init.h b/base/crypto/cssm_init.h index 721b2e8..b5ec03d 100644 --- a/base/crypto/cssm_init.h +++ b/base/crypto/cssm_init.h @@ -10,6 +10,8 @@ #include "base/logging.h" #include "base/scoped_ptr.h" +class Lock; + namespace base { // Initialize CSSM if it isn't already initialized. This must be called before @@ -26,6 +28,13 @@ extern const CSSM_API_MEMORY_FUNCS kCssmMemoryFunctions; // Utility function to log an error message including the error name. void LogCSSMError(const char *function_name, CSSM_RETURN err); +// The OS X certificate and key management wrappers over CSSM are not +// thread-safe. In particular, code that accesses the CSSM database is +// problematic. +// +// http://developer.apple.com/mac/library/documentation/Security/Reference/certifkeytrustservices/Reference/reference.html +Lock& GetMacSecurityServicesLock(); + } // namespace base #endif // BASE_CRYPTO_CSSM_INIT_H_ |