libgcrypt RNG locking

Stephan Mueller smueller at chronox.de
Wed Feb 26 13:53:03 CET 2014


Hi,

For my DRBG implementation, I use the locking approach found in random-fips.c.

The following code implements locking:

GPGRT_LOCK_DEFINE (drbg_gcry_lock);

static inline void drbg_lock(drbg_lock_t *lock)
{
	gpg_err_code_t rc;
	(void)lock;
	rc = gpgrt_lock_lock (&drbg_gcry_lock);
	if (rc)
		log_fatal ("failed to acquire the RNG lock: %s\n",
			   gpg_strerror (rc));
}

static inline void drbg_unlock(drbg_lock_t *lock)
{
	gpg_err_code_t rc;
	(void)lock;
	rc = gpgrt_lock_unlock (&drbg_gcry_lock);
	if (rc)
		log_fatal ("failed to release the RNG lock: %s\n",
			   gpg_strerror (rc));
}

The problem I have with this code is that there seems to be no locking taking 
place at all. I found that I should have a deadlock in the published code 
which, however, does not materialize.

If I try to trigger a simple deadlock by calling:

drbg_lock(0);
drbg_lock(0);

there is no deadlock.

What is wrong with the locking approach?

Please note that the drbg_lock_t type resolves to an int and is present due 
the kernel support of the DRBG.


Ciao
Stephan
-- 
| Cui bono? |



More information about the Gcrypt-devel mailing list