<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p style="color: #777777;">
<a href="https://gitlab.com/rockdaboot">Tim Rühsen</a>
commented:
</p>
<div style="">
<p dir="auto">Technically yes. But that adds overhead to anyone who is using libgnutls, while addressing this in <code>_gnutls_nss_keylog_write()</code> only has overhead if your path of execution comes here. Some kind of 'lazy loading'.</p>
<p dir="auto">One possible fix would be</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">diff --git a/lib/kx.c b/lib/kx.c</span>
<span id="LC2" class="line" lang="plaintext">index 69374908e..9b509ccbc 100644</span>
<span id="LC3" class="line" lang="plaintext">--- a/lib/kx.c</span>
<span id="LC4" class="line" lang="plaintext">+++ b/lib/kx.c</span>
<span id="LC5" class="line" lang="plaintext">@@ -78,17 +78,22 @@ void _gnutls_nss_keylog_write(gnutls_session_t session,</span>
<span id="LC6" class="line" lang="plaintext"> static unsigned checked_env = 0;</span>
<span id="LC7" class="line" lang="plaintext"> </span>
<span id="LC8" class="line" lang="plaintext"> if (!checked_env) {</span>
<span id="LC9" class="line" lang="plaintext">- checked_env = 1;</span>
<span id="LC10" class="line" lang="plaintext">- keylogfile = secure_getenv("SSLKEYLOGFILE");</span>
<span id="LC11" class="line" lang="plaintext">- if (keylogfile != NULL)</span>
<span id="LC12" class="line" lang="plaintext">- keylog = fopen(keylogfile, "a");</span>
<span id="LC13" class="line" lang="plaintext">+ GNUTLS_STATIC_MUTEX_LOCK(keylog_mutex);</span>
<span id="LC14" class="line" lang="plaintext">+</span>
<span id="LC15" class="line" lang="plaintext">+ if (!checked_env) {</span>
<span id="LC16" class="line" lang="plaintext">+ checked_env = 1;</span>
<span id="LC17" class="line" lang="plaintext">+ keylogfile = secure_getenv("SSLKEYLOGFILE");</span>
<span id="LC18" class="line" lang="plaintext">+ if (keylogfile != NULL)</span>
<span id="LC19" class="line" lang="plaintext">+ keylog = fopen(keylogfile, "a");</span>
<span id="LC20" class="line" lang="plaintext">+ }</span>
<span id="LC21" class="line" lang="plaintext">+</span>
<span id="LC22" class="line" lang="plaintext">+ GNUTLS_STATIC_MUTEX_LOCK(keylog_mutex);</span>
<span id="LC23" class="line" lang="plaintext"> }</span>
<span id="LC24" class="line" lang="plaintext"> </span>
<span id="LC25" class="line" lang="plaintext"> if (keylog) {</span>
<span id="LC26" class="line" lang="plaintext"> char client_random_hex[2*GNUTLS_RANDOM_SIZE+1];</span>
<span id="LC27" class="line" lang="plaintext"> char secret_hex[2*MAX_HASH_SIZE+1];</span>
<span id="LC28" class="line" lang="plaintext"> </span>
<span id="LC29" class="line" lang="plaintext">- GNUTLS_STATIC_MUTEX_LOCK(keylog_mutex);</span>
<span id="LC30" class="line" lang="plaintext"> fprintf(keylog, "%s %s %s\n",</span>
<span id="LC31" class="line" lang="plaintext"> label,</span>
<span id="LC32" class="line" lang="plaintext"> _gnutls_bin2hex(session->security_parameters.</span>
<span id="LC33" class="line" lang="plaintext">@@ -98,8 +103,9 @@ void _gnutls_nss_keylog_write(gnutls_session_t session,</span>
<span id="LC34" class="line" lang="plaintext"> _gnutls_bin2hex(secret, secret_size,</span>
<span id="LC35" class="line" lang="plaintext"> secret_hex, sizeof(secret_hex), NULL));</span>
<span id="LC36" class="line" lang="plaintext"> fflush(keylog);</span>
<span id="LC37" class="line" lang="plaintext">- GNUTLS_STATIC_MUTEX_UNLOCK(keylog_mutex);</span>
<span id="LC38" class="line" lang="plaintext"> }</span>
<span id="LC39" class="line" lang="plaintext">+</span>
<span id="LC40" class="line" lang="plaintext">+ GNUTLS_STATIC_MUTEX_UNLOCK(keylog_mutex);</span>
<span id="LC41" class="line" lang="plaintext"> }</span>
<span id="LC42" class="line" lang="plaintext"> </span>
<span id="LC43" class="line" lang="plaintext"> void _gnutls_nss_keylog_deinit(void)</span></code></pre>
<p dir="auto">It adds an additional lock/unlock for the very first call. We could fine-tune it down to one lock/unlock with some slight additional code complexity. WDYT ?</p>
</div>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/802#note_191905039">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/429926406bacd538fb856983c9fd31a9/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/802#note_191905039"}}</script>
</p>
</div>
</body>
</html>