testing gcrypt thread-safety

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Oct 28 22:30:18 CET 2009


now that i can properly initialize gcrypt in a threaded fashion (thanks,
Werner!), i'm curious what commands might be particularly vulnerable to
uninitialized threadsafety features.

For example, it appears the registering new ciphers, digests, or
asymmetric algorithms use mutex-based locking, as does secmem and
fips-mode.  Is there other functionality that might be vulnerable?

I don't see any code in the tests/ directory which exercises this stuff,
but i'd be willing to write a test if anyone has a particular feature
that they think would be worth testing against threadsafe initialization.

i'm aware that threadsafety issues are difficult to make reliably 100%
reproducible test cases for, but i figure if we make simple test case,
even a 1% failure rate (assuming folks who build the tool actually run
the test suite and report their errors) would be worth having.

Suggestions for what to test?

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20091028/b91049a7/attachment.pgp>


More information about the Gcrypt-devel mailing list