Force crypto::AppleKeychain access to be guarded by a Big Global Lock

net/base/cert_verify_proc_mac.cc

Index: net/base/cert_verify_proc_mac.cc
diff --git a/net/base/cert_verify_proc_mac.cc b/net/base/cert_verify_proc_mac.cc
index e47892970f034f18bc3486e0a6a92bd11b8a142b..1a5a1ada77aff87a2ef5648e6223fa6085a92a3e 100644
--- a/net/base/cert_verify_proc_mac.cc
+++ b/net/base/cert_verify_proc_mac.cc
@@ -16,6 +16,8 @@
 #include "base/mac/scoped_cftyperef.h"
 #include "base/sha1.h"
 #include "base/string_piece.h"
+#include "base/synchronization/lock.h"
+#include "crypto/mac_security_services_lock.h"
 #include "crypto/nss_util.h"
 #include "crypto/sha2.h"
 #include "net/base/asn1_util.h"
@@ -366,7 +368,7 @@ int CertVerifyProcMac::VerifyInternal(X509Certificate* cert,
   // of sporadic crashes in the SecTrustEvaluate call below, way down inside
   // Apple's cert code, which we suspect are caused by a thread-safety issue.
   // So as a speculative fix allow only one thread to use SecTrust on this cert.

[wtc, 2012/10/02 01:46:42]

"on this cert" needs to be removed because the lock is no
longer a member of this cert. The lock is a global lock now,
applying to all certs.

-  base::AutoLock lock(verification_lock_);
+  base::AutoLock lock(crypto::GetMacSecurityServicesLock());
 
   SecTrustRef trust_ref = NULL;
   status = SecTrustCreateWithCertificates(cert_array, trust_policies,