[gnutls-dev] [PATCH] Fix slow startup under Windows

Simon Josefsson simon at josefsson.org
Thu Feb 1 09:05:25 CET 2007


Gerald Combs <gerald at wireshark.org> writes:

> Attached is a modified version of the patch at
> http://www.securitypunk.com/libgcrypt/ which addresses the slow startup
> problems with libgcrypt under Windows.  The patch includes following
> changes:

Thanks.  Ultimately, the patch will have to be reviewed and installed
by the libgcrypt people, but I took a quick look.  I may end up
installing a patch for gnutls4win before it has been applied to
libgcrypt, but only if I think it looks good.  I'd wish that you could
get Werner to look at and approve your patch, though.

> +static int
> +wincrypt_gatherer( void (*add)(const void*, size_t, int), int requester )
> +{
> +
> +  /* The buffer to store the random bytes in.  For extra safety, this is
> +   * memset()'ed to NULL after each use. */
> +  static unsigned char rand_bytes[ 32 ];
> +
> +  if (!hCryptProvider)
> +    return 0;
> +
> +  /* Now that we have a crypto context, we request a block of
> +   * cryptographically random bytes, and call the add function with it. */
> +  if( CryptGenRandom( hCryptProvider, sizeof( rand_bytes ), rand_bytes ) ) {
> +    (*add) ( rand_bytes, sizeof( rand_bytes ), requester );
> +  } else {
> +    if ( debug_me )
> +      log_debug( "CryptGenRandom failed: %d", GetLastError() );
> +    return 0;
> +  }
> +
> +  /* These random bytes might be used as key material, so we want to clear
> +   * them now. */
> +  memset(rand_bytes, 0, sizeof(rand_bytes));
> +  return 1;
> +}

You only ever read 32 bytes of randomness, that is not sufficient.
Take a look at _gcry_rndw32_gather_random(), it receives a length
parameter.  That is how many bytes you should be reading.  Compare
with how rndlinux.c is looping until it has read that many random
bytes.  Generally, rndlinux.c seem to be doing things in the
(relatively) best way, so it is worth looking at.

> +BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved ) {

Is it necessary to use a DllMain function for this?  What if the
library is linked statically?

/Simon




More information about the Gnutls-devel mailing list