kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypto/tls: Add mutex to protect KeyLogWriter

Browse Source 
Concurrent use of tls.Config is allowed, and may lead to
KeyLogWriter being written to concurrently. Without a mutex
to protect it, corrupted output may occur. A mutex is added
for correctness.

The mutex is made global to save size of the config struct as
KeyLogWriter is rarely enabled.

Related to #13057.

Change-Id: I5ee55b6d8b43a191ec21f06e2aaae5002a71daef
Reviewed-on: https://go-review.googlesource.com/29016
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This commit is contained in:
Joonas Kuorilehto 2016-09-10 22:07:33 +03:00 committed by Brad Fitzpatrick
parent 1822025fbf
commit 433c5c3eec
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
common.go
View File

@ -643,10 +643,16 @@ func (c *Config) writeKeyLog(clientRandom, masterSecret []byte) error {
if c.KeyLogWriter == nil { if c.KeyLogWriter == nil {
return nil return nil
} }
writerMutex.Lock()
_, err := fmt.Fprintf(c.KeyLogWriter, "CLIENT_RANDOM %x %x\n", clientRandom, masterSecret) _, err := fmt.Fprintf(c.KeyLogWriter, "CLIENT_RANDOM %x %x\n", clientRandom, masterSecret)
writerMutex.Unlock()
return err return err
} }
// writerMutex protects all KeyLogWriters globally. It is rarely enabled,
// and is only for debugging, so a global mutex saves space.
var writerMutex sync.Mutex
// A Certificate is a chain of one or more certificates, leaf first. // A Certificate is a chain of one or more certificates, leaf first.
type Certificate struct { type Certificate struct {
Certificate [][]byte Certificate [][]byte