-
Type: Improvement
-
Resolution: Unresolved
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
-
Server Security
When writing audit logs to disk, we need to ensure that the IVs are allocated under a lock. We also need to ensure that when writing an audit entry to disk, the IVs are written in the right order. We currently do this by taking a lock from the start of encrypting a log line until the log has been written to disk. This can be very slow.
An alternate proposal would be to perform the encryption under lock A and add the encrypted log line to a heap, then release the lock. Later, when the file writer is free, take the file writer lock under lock B and write the first item from the heap to disk.