X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/866f8763175ff60e4fa455b92b5eb660a12fe6c7..bf028f67fd3bb2266df81b80fb6f25a77112e308:/OSX/libsecurity_keychain/lib/KeyItem.cpp?ds=sidebyside

diff --git a/OSX/libsecurity_keychain/lib/KeyItem.cpp b/OSX/libsecurity_keychain/lib/KeyItem.cpp
index 12f7113f..6bec5672 100644
--- a/OSX/libsecurity_keychain/lib/KeyItem.cpp
+++ b/OSX/libsecurity_keychain/lib/KeyItem.cpp
@@ -38,8 +38,8 @@
 #include <security_keychain/Globals.h>
 #include "KCEventNotifier.h"
 #include <CommonCrypto/CommonDigest.h>
-#include <SecBase.h>
-#include <SecBasePriv.h>
+#include <Security/SecBase.h>
+#include <Security/SecBasePriv.h>
 #include <CoreFoundation/CFPriv.h>
 
 // @@@ This needs to be shared.
@@ -81,6 +81,7 @@ KeyItem::operator CFTypeRef() const throw()
 
     if (mWeakSecKeyRef != NULL) {
         if (_CFTryRetain(mWeakSecKeyRef) == NULL) {
+            StMaybeLock<Mutex> secKeyCDSAMutex(static_cast<CDSASecKey *>(mWeakSecKeyRef)->cdsaKeyMutex);
             // mWeakSecKeyRef is not really valid, pointing to SecKeyRef which going to die - it is somewhere between last CFRelease and entering into mutex-protected section of SecCDSAKeyDestroy.  Avoid using it, pretend that no enveloping SecKeyRef exists.  But make sure that this KeyImpl is disconnected from this about-to-die SecKeyRef, because we do not want KeyImpl connected to it to be really destroyed, it will be connected to newly created SecKeyRef (see below).
             mWeakSecKeyRef->key = NULL;
             mWeakSecKeyRef = NULL;
@@ -488,7 +489,7 @@ KeyItem::key()
         } catch(CssmError cssme) {
             mKey.release();
             secnotice("integrity", "error while checking integrity, denying access: %s", cssme.what());
-            throw cssme;
+            throw;
         }
     }