[gnutls-devel] GnuTLS | locks: couple of improvements using Gnulib glthread (!1485)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Nov 15 16:59:09 CET 2021

Alexander Sosedkin commented on a discussion on lib/tpm2_esys.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1485#note_733549577

> -int install_tpm2_key(struct tpm2_info_st *info, gnutls_privkey_t pkey,
> -		     unsigned int parent, bool emptyauth,
> -		     gnutls_datum_t *privdata, gnutls_datum_t *pubdata)
> +GNUTLS_ONCE(tcti_once);
> +
> +void
> +tpm2_tcti_deinit(void)
> +{
> +	if (tcti_ctx) {
> +		Tss2_TctiLdr_Finalize(&tcti_ctx);
> +	}
> +}
> +
> +static void
> +tcti_once_init(void)

I see an initialization counter `_gnutls_init` in `gnutls_global_init`, yes, and I'm concerned with what happens when it dips below 1 and gnutls deinits for real.

For example, `gnutls_global_set_mutex`'s implementation seems to rely on such below-1 dipping. Even though it doesn't actually verify that the counter went below 1, which it probably should, the purpose of it seems to be to trigger an actual deinit, swap out mutex routines for user-provided ones and init back using them.

Such code suggests that "full deinit to then reinit back" is a supported usage scenario, and in this case I don't like initializing resources just on the first time guarded on a non-resetting 'once'. Bringing be to doubt the commit's stated goal 'This makes sure that the global variables are initialized only once' is a good idea.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1485#note_733549577
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20211115/bdf0a004/attachment.html>

More information about the Gnutls-devel mailing list