[GitHub] [guacamole-server] mike-jumper commented on a change in pull request #321: GUACAMOLE-1133: initialize GCrypt in VNC protocol prior to client start-up

[GitBox]

mike-jumper commented on a change in pull request #321:
URL: https://github.com/apache/guacamole-server/pull/321#discussion_r561319738



##########
File path: src/common-ssh/ssh.c
##########
@@ -140,11 +140,26 @@ static void guac_common_ssh_openssl_free_locks(int count) 
{
 int guac_common_ssh_init(guac_client* client) {
 
 #ifdef LIBSSH2_USES_GCRYPT
-    /* Init threadsafety in libgcrypt */
-    gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-    if (!gcry_check_version(GCRYPT_VERSION)) {
-        guac_client_log(client, GUAC_LOG_ERROR, "libgcrypt version mismatch.");
-        return 1;
+    
+    if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) {
+    
+        /* Init threadsafety in libgcrypt */
+        gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+        
+        /* Initialize GCrypt */
+        if (!gcry_check_version(GCRYPT_VERSION)) {
+            guac_client_log(client, GUAC_LOG_ERROR, "libgcrypt version 
mismatch.");
+            return 1;
+        }
+        
+        /* Initialize secure memory space. */
+        gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN);
+        gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0);
+        gcry_control(GCRYCTL_RESUME_SECMEM_WARN);

Review comment:
       I'm somewhat concerned about allocating secure memory unless we expect 
that it will be used, as it is apparently a finite resource. From my read of 
the initialization docs for gcrypt, this will not affect usage of memory in 
general, but rather only explicit attempts to allocate secure memory using 
gcrypt's functions for doing so. Looking through the libvncclient (and libssh2) 
code, I'm so far not seeing any usage of secure memory.

##########
File path: src/protocols/vnc/vnc.c
##########
@@ -133,6 +141,27 @@ rfbClient* guac_vnc_get_client(guac_client* client) {
     /* TLS Locking and Unlocking */
     rfb_client->LockWriteToTLS = guac_vnc_lock_write_to_tls;
     rfb_client->UnlockWriteToTLS = guac_vnc_unlock_write_to_tls;
+#endif
+    
+#ifdef LIBVNCSERVER_WITH_CLIENT_GCRYPT

Review comment:
       Where is this (conditionally) defined?

##########
File path: src/protocols/vnc/vnc.c
##########
@@ -133,6 +141,27 @@ rfbClient* guac_vnc_get_client(guac_client* client) {
     /* TLS Locking and Unlocking */
     rfb_client->LockWriteToTLS = guac_vnc_lock_write_to_tls;
     rfb_client->UnlockWriteToTLS = guac_vnc_unlock_write_to_tls;
+#endif
+    
+#ifdef LIBVNCSERVER_WITH_CLIENT_GCRYPT

Review comment:
       Sure - that's a great idea.
   
   I was initially just looking for where the macro was coming from, as there 
were no changes to `configure.ac` and my quick grep of libvncclient code didn't 
reveal anything, but this sounds excellent. It avoids any potential for what we 
saw with the accidental omission of our own `config.h` in handling of FreeRDP 
behavior.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org