crypto/tls: Add mutex to protect KeyLogWriter

Concurrent use of tls.Config is allowed, and may lead to
KeyLogWriter being written to concurrently. Without a mutex
to protect it, corrupted output may occur. A mutex is added
for correctness.

The mutex is made global to save size of the config struct as
KeyLogWriter is rarely enabled.

Related to #13057.

Change-Id: I5ee55b6d8b43a191ec21f06e2aaae5002a71daef
Reviewed-on: https://go-review.googlesource.com/29016
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index 46bc2aa03a03a0f199e5867baf95b413eb8eaa1c..28b3d4c6cec7c6a905652b5f0848653f62906df4 100644 (file)
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -643,10 +643,16 @@ func (c *Config) writeKeyLog(clientRandom, masterSecret []byte) error {
        if c.KeyLogWriter == nil {
                return nil
        }
+       writerMutex.Lock()
        _, err := fmt.Fprintf(c.KeyLogWriter, "CLIENT_RANDOM %x %x\n", clientRandom, masterSecret)
+       writerMutex.Unlock()
        return err
 }
 
+// writerMutex protects all KeyLogWriters globally. It is rarely enabled,
+// and is only for debugging, so a global mutex saves space.
+var writerMutex sync.Mutex
+
 // A Certificate is a chain of one or more certificates, leaf first.
 type Certificate struct {
        Certificate [][]byte