From d017adbbbfcedc1d927aa0737476ed3c601446bb Mon Sep 17 00:00:00 2001
From: "davidben@chromium.org"
 <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed, 7 Jul 2010 17:36:44 +0000
Subject: Add a lock for OS X CSSM wrapper APIs

They're apparently problematic with threads.

R=agl
BUG=48006
TEST=KeygenHandler.ConcurrencyTest

Review URL: http://codereview.chromium.org/2832047

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@51734 0039d316-1c4b-4281-b951-d872f2087c98
---
 base/crypto/cssm_init.cc | 24 ++++++++++++++++++++++++
 base/crypto/cssm_init.h  |  9 +++++++++
 2 files changed, 33 insertions(+)

(limited to 'base/crypto')

diff --git a/base/crypto/cssm_init.cc b/base/crypto/cssm_init.cc
index 510ae0c..b04cbe7 100644
--- a/base/crypto/cssm_init.cc
+++ b/base/crypto/cssm_init.cc
@@ -6,6 +6,7 @@
 
 #include <Security/SecBase.h>
 
+#include "base/lock.h"
 #include "base/logging.h"
 #include "base/singleton.h"
 #include "base/sys_string_conversions.h"
@@ -75,6 +76,25 @@ class CSSMInitSingleton {
   CSSM_CSP_HANDLE csp_handle_;
 };
 
+// This singleton is separate as it pertains to Apple's wrappers over
+// their own CSSM handles, as opposed to our own CSSM_CSP_HANDLE.
+class SecurityServicesSingleton {
+ public:
+  ~SecurityServicesSingleton() {}
+
+  Lock& lock() { return lock_; }
+
+ private:
+  friend class Singleton<SecurityServicesSingleton>;
+  friend struct DefaultSingletonTraits<SecurityServicesSingleton>;
+
+  SecurityServicesSingleton() {}
+
+  Lock lock_;
+
+  DISALLOW_COPY_AND_ASSIGN(SecurityServicesSingleton);
+};
+
 }  // namespace
 
 namespace base {
@@ -124,4 +144,8 @@ void LogCSSMError(const char *fn_name, CSSM_RETURN err) {
   }
 }
 
+Lock& GetMacSecurityServicesLock() {
+  return Singleton<SecurityServicesSingleton>::get()->lock();
+}
+
 }  // namespace base
diff --git a/base/crypto/cssm_init.h b/base/crypto/cssm_init.h
index 721b2e8..b5ec03d 100644
--- a/base/crypto/cssm_init.h
+++ b/base/crypto/cssm_init.h
@@ -10,6 +10,8 @@
 #include "base/logging.h"
 #include "base/scoped_ptr.h"
 
+class Lock;
+
 namespace base {
 
 // Initialize CSSM if it isn't already initialized.  This must be called before
@@ -26,6 +28,13 @@ extern const CSSM_API_MEMORY_FUNCS kCssmMemoryFunctions;
 // Utility function to log an error message including the error name.
 void LogCSSMError(const char *function_name, CSSM_RETURN err);
 
+// The OS X certificate and key management wrappers over CSSM are not
+// thread-safe. In particular, code that accesses the CSSM database is
+// problematic.
+//
+// http://developer.apple.com/mac/library/documentation/Security/Reference/certifkeytrustservices/Reference/reference.html
+Lock& GetMacSecurityServicesLock();
+
 }  // namespace base
 
 #endif  // BASE_CRYPTO_CSSM_INIT_H_
-- 
cgit v1.1