<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<p style="color: #777777;">

<a href="https://gitlab.com/rockdaboot">Tim Rühsen</a>

commented:

</p>

<div style="">

<p dir="auto">Technically yes. But that adds overhead to anyone who is using libgnutls, while addressing this in <code>_gnutls_nss_keylog_write()</code> only has overhead if your path of execution comes here. Some kind of 'lazy loading'.</p>

<p dir="auto">One possible fix would be</p>

<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">diff --git a/lib/kx.c b/lib/kx.c</span>

<span id="LC2" class="line" lang="plaintext">index 69374908e..9b509ccbc 100644</span>

<span id="LC3" class="line" lang="plaintext">--- a/lib/kx.c</span>

<span id="LC4" class="line" lang="plaintext">+++ b/lib/kx.c</span>

<span id="LC5" class="line" lang="plaintext">@@ -78,17 +78,22 @@ void _gnutls_nss_keylog_write(gnutls_session_t session,</span>

<span id="LC6" class="line" lang="plaintext">        static unsigned checked_env = 0;</span>

<span id="LC7" class="line" lang="plaintext"> </span>

<span id="LC8" class="line" lang="plaintext">        if (!checked_env) {</span>

<span id="LC9" class="line" lang="plaintext">-               checked_env = 1;</span>

<span id="LC10" class="line" lang="plaintext">-               keylogfile = secure_getenv("SSLKEYLOGFILE");</span>

<span id="LC11" class="line" lang="plaintext">-               if (keylogfile != NULL)</span>

<span id="LC12" class="line" lang="plaintext">-                       keylog = fopen(keylogfile, "a");</span>

<span id="LC13" class="line" lang="plaintext">+               GNUTLS_STATIC_MUTEX_LOCK(keylog_mutex);</span>

<span id="LC14" class="line" lang="plaintext">+</span>

<span id="LC15" class="line" lang="plaintext">+               if (!checked_env) {</span>

<span id="LC16" class="line" lang="plaintext">+                       checked_env = 1;</span>

<span id="LC17" class="line" lang="plaintext">+                       keylogfile = secure_getenv("SSLKEYLOGFILE");</span>

<span id="LC18" class="line" lang="plaintext">+                       if (keylogfile != NULL)</span>

<span id="LC19" class="line" lang="plaintext">+                               keylog = fopen(keylogfile, "a");</span>

<span id="LC20" class="line" lang="plaintext">+               }</span>

<span id="LC21" class="line" lang="plaintext">+</span>

<span id="LC22" class="line" lang="plaintext">+               GNUTLS_STATIC_MUTEX_LOCK(keylog_mutex);</span>

<span id="LC23" class="line" lang="plaintext">        }</span>

<span id="LC24" class="line" lang="plaintext"> </span>

<span id="LC25" class="line" lang="plaintext">        if (keylog) {</span>

<span id="LC26" class="line" lang="plaintext">                char client_random_hex[2*GNUTLS_RANDOM_SIZE+1];</span>

<span id="LC27" class="line" lang="plaintext">                char secret_hex[2*MAX_HASH_SIZE+1];</span>

<span id="LC28" class="line" lang="plaintext"> </span>

<span id="LC29" class="line" lang="plaintext">-               GNUTLS_STATIC_MUTEX_LOCK(keylog_mutex);</span>

<span id="LC30" class="line" lang="plaintext">                fprintf(keylog, "%s %s %s\n",</span>

<span id="LC31" class="line" lang="plaintext">                        label,</span>

<span id="LC32" class="line" lang="plaintext">                        _gnutls_bin2hex(session->security_parameters.</span>

<span id="LC33" class="line" lang="plaintext">@@ -98,8 +103,9 @@ void _gnutls_nss_keylog_write(gnutls_session_t session,</span>

<span id="LC34" class="line" lang="plaintext">                        _gnutls_bin2hex(secret, secret_size,</span>

<span id="LC35" class="line" lang="plaintext">                                        secret_hex, sizeof(secret_hex), NULL));</span>

<span id="LC36" class="line" lang="plaintext">                fflush(keylog);</span>

<span id="LC37" class="line" lang="plaintext">-               GNUTLS_STATIC_MUTEX_UNLOCK(keylog_mutex);</span>

<span id="LC38" class="line" lang="plaintext">        }</span>

<span id="LC39" class="line" lang="plaintext">+</span>

<span id="LC40" class="line" lang="plaintext">+       GNUTLS_STATIC_MUTEX_UNLOCK(keylog_mutex);</span>

<span id="LC41" class="line" lang="plaintext"> }</span>

<span id="LC42" class="line" lang="plaintext"> </span>

<span id="LC43" class="line" lang="plaintext"> void _gnutls_nss_keylog_deinit(void)</span></code></pre>

<p dir="auto">It adds an additional lock/unlock for the very first call. We could fine-tune it down to one lock/unlock with some slight additional code complexity. WDYT ?</p>

</div>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/802#note_191905039">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/sent_notifications/429926406bacd538fb856983c9fd31a9/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/802#note_191905039"}}</script>

</p>

</div>

</body>

</html>