[GitHub] [guacamole-server] necouchman commented on a change in pull request #321: GUACAMOLE-1133: initialize GCrypt in VNC protocol prior to client start-up

GitBox Thu, 21 Jan 2021 21:39:20 -0800


necouchman commented on a change in pull request #321:
URL: https://github.com/apache/guacamole-server/pull/321#discussion_r561469235




##########
File path: src/common-ssh/ssh.c
##########
@@ -140,11 +140,26 @@ static void guac_common_ssh_openssl_free_locks(int count) 
{
 int guac_common_ssh_init(guac_client* client) {
 
 #ifdef LIBSSH2_USES_GCRYPT
-    /* Init threadsafety in libgcrypt */
-    gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-    if (!gcry_check_version(GCRYPT_VERSION)) {
-        guac_client_log(client, GUAC_LOG_ERROR, "libgcrypt version mismatch.");
-        return 1;
+    
+    if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) {
+    
+        /* Init threadsafety in libgcrypt */
+        gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+        
+        /* Initialize GCrypt */
+        if (!gcry_check_version(GCRYPT_VERSION)) {
+            guac_client_log(client, GUAC_LOG_ERROR, "libgcrypt version 
mismatch.");
+            return 1;
+        }
+        
+        /* Initialize secure memory space. */
+        gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN);
+        gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0);
+        gcry_control(GCRYCTL_RESUME_SECMEM_WARN);

Review comment:
       Ah, okay, sounds good. Removed.

##########
File path: src/protocols/vnc/vnc.c
##########
@@ -133,6 +141,27 @@ rfbClient* guac_vnc_get_client(guac_client* client) {
     /* TLS Locking and Unlocking */
     rfb_client->LockWriteToTLS = guac_vnc_lock_write_to_tls;
     rfb_client->UnlockWriteToTLS = guac_vnc_unlock_write_to_tls;
+#endif
+    
+#ifdef LIBVNCSERVER_WITH_CLIENT_GCRYPT

Review comment:
       rfbconfig.h:
   ```
   /* Enable support for libgcrypt in libvncclient */
   #ifndef LIBVNCSERVER_WITH_CLIENT_GCRYPT 
   #define LIBVNCSERVER_WITH_CLIENT_GCRYPT  1 
   #endif
   ```
   
   which is then included in rfbproto.h.

##########
File path: src/protocols/vnc/vnc.c
##########
@@ -133,6 +141,27 @@ rfbClient* guac_vnc_get_client(guac_client* client) {
     /* TLS Locking and Unlocking */
     rfb_client->LockWriteToTLS = guac_vnc_lock_write_to_tls;
     rfb_client->UnlockWriteToTLS = guac_vnc_unlock_write_to_tls;
+#endif
+    
+#ifdef LIBVNCSERVER_WITH_CLIENT_GCRYPT

Review comment:
       rfbconfig.h:
   ```
   /* Enable support for libgcrypt in libvncclient */
   #ifndef LIBVNCSERVER_WITH_CLIENT_GCRYPT 
   #define LIBVNCSERVER_WITH_CLIENT_GCRYPT  1 
   #endif
   ```
   
   which is then included in rfbproto.h. Should I explicitly `#include 
<rfbconfig.h>`?

##########
File path: src/protocols/vnc/vnc.c
##########
@@ -133,6 +141,27 @@ rfbClient* guac_vnc_get_client(guac_client* client) {
     /* TLS Locking and Unlocking */
     rfb_client->LockWriteToTLS = guac_vnc_lock_write_to_tls;
     rfb_client->UnlockWriteToTLS = guac_vnc_unlock_write_to_tls;
+#endif
+    
+#ifdef LIBVNCSERVER_WITH_CLIENT_GCRYPT

Review comment:
       Should be so, now.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [guacamole-server] necouchman commented on a change in pull request #321: GUACAMOLE-1133: initialize GCrypt in VNC protocol prior to client start-up

Reply via email to