forking new process when calling gnutls_global_init() function

Werner Koch wk at gnupg.org
Wed Feb 20 18:57:35 CET 2008


On Wed, 20 Feb 2008 14:38, h.habib at gmail.com said:

> Let's say our process name is dfn_tls. When we run this process and then
> do ps -aef we get the following output.
>
>   haidar 24069 24068  0 17:53:54 ttyp1     0:00 ./dfn_tls clientDfn.cfg
>   haidar 24068 23117  0 17:53:51 ttyp1     0:04 ./dfn_tls clientDfn.cfg

Okay that is useful.  I have not looked at the code for a long time, so
please excuse that I didn't mention it right away.  What libgcrypt
with rndunix does is to create a child process which runs the actual
entropy gathering (spawning system utilities).  The child communicates
via a pipe with the parent and is controlled by the parent reading from
the child.  Thus after the parent read enough (i.e. got enough entropy),
the child (the entropy gatherer loop) will eventually wait in a write
call until the parent reads again from it.

So now if you kill that child and libgcrypt (the parent) needs to get
more entropy it sits in a read without the other end connected and
thus gets an EPIPE.  You should see a

  "reading from gatherer pipe failed: %s"

error message.  Of course we could restart the gatherer process but as
it should never terminate in the first place there is no point in
starting it again.  libgcrypt will instead hang in its random generator
because it is not able to load new entropy into its pool.

If there is a real problem, you should either fire up a debugger or
sprinkle more debug printfs into it.



Shalom-Salam,

   Werner



-- 
Thoughts are free.  Exceptions are regulated by a federal law.




More information about the Gcrypt-devel mailing list
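
The parent and child arrangement described in the message above, as an added C illustration that is not part of the original mail and not libgcrypt's rndunix code: a stand-in gatherer child feeds a pipe, the parent reads from it, the child is killed, and the parent's later reads are checked. The function names and the filler data are assumptions; on POSIX a read from a pipe with no writer left reports either an error or end of file, and the code treats both as a failed gatherer instead of waiting.

```c
/* Added illustration, not libgcrypt's rndunix code; all names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child: stand-in gatherer loop; it blocks in write() once the pipe is full. */
static void gatherer_loop(int wfd) {
    unsigned char block[64];
    memset(block, 0xA5, sizeof block);   /* constructed filler, not entropy */
    for (;;)
        if (write(wfd, block, sizeof block) < 0 && errno != EINTR)
            _exit(1);
}

/* Parent: read exactly n bytes; -1 means the gatherer is gone (error or EOF). */
static int read_from_gatherer(int rfd, unsigned char *buf, size_t n) {
    while (n > 0) {
        ssize_t r = read(rfd, buf, n);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) {
            fprintf(stderr, "reading from gatherer pipe failed: %s\n",
                    r < 0 ? strerror(errno) : "end of file");
            return -1;
        }
        buf += r; n -= (size_t)r;
    }
    return 0;
}

/* Returns 1 if reads work while the child lives and fail cleanly once it is killed. */
int gatherer_demo(void) {
    int fds[2]; unsigned char buf[4096];
    if (pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(fds[0]); gatherer_loop(fds[1]); }
    close(fds[1]);      /* parent keeps no write end, or it would never see EOF */
    int alive = read_from_gatherer(fds[0], buf, 128);
    kill(pid, SIGKILL); waitpid(pid, NULL, 0);   /* the gatherer child is killed */
    int dead;           /* drain what is still buffered, then reach end of file */
    while ((dead = read_from_gatherer(fds[0], buf, sizeof buf)) == 0) { }
    close(fds[0]);
    return alive == 0 && dead == -1;
}

int main(void) { return gatherer_demo() == 1 ? 0 : 1; }
```

Reads issued right after the kill can still succeed, because data the child wrote before it died remains buffered in the pipe; the failure shows up only once that is drained.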