libgcrypt RNG locking
Stephan Mueller
smueller at chronox.de
Wed Feb 26 13:53:03 CET 2014
Hi,
For my DRBG implementation, I use the locking approach found in random-fips.c.
The following code implements locking:
GPGRT_LOCK_DEFINE (drbg_gcry_lock);
static inline void drbg_lock(drbg_lock_t *lock)
{
gpg_err_code_t rc;
(void)lock;
rc = gpgrt_lock_lock (&drbg_gcry_lock);
if (rc)
log_fatal ("failed to acquire the RNG lock: %s\n",
gpg_strerror (rc));
}
static inline void drbg_unlock(drbg_lock_t *lock)
{
gpg_err_code_t rc;
(void)lock;
rc = gpgrt_lock_unlock (&drbg_gcry_lock);
if (rc)
log_fatal ("failed to release the RNG lock: %s\n",
gpg_strerror (rc));
}
The problem I have with this code is that there seems to be no locking taking
place at all. I found that I should have a deadlock in the published code
which, however, does not materialize.
If I try to trigger a simple deadlock by calling:
drbg_lock(0);
drbg_lock(0);
there is no deadlock.
What is wrong with the locking approach?
Please note that the drbg_lock_t type resolves to an int and is present due
the kernel support of the DRBG.
Ciao
Stephan
--
| Cui bono? |
More information about the Gcrypt-devel
mailing list