Bug#448775: Uses too much entropy (Debian Bug #343085)
Werner Koch
wk at gnupg.org
Tue Jan 8 10:50:05 CET 2008
On Fri, 4 Jan 2008 17:01, simon at josefsson.org said:
> Right. So what should applications like exim do exactly? Is there
My suggestion is:
int
main ()
{
int rc;
#ifdef WE_USE_PTHREADS
rc = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
if (rc)
error (EXIT_FAILURE, 0, "can't register Pthreads with Libgcrypt: %s\n",
gpg_strerror (rc));
#endif
#ifndef WE_NEED_SECMEM
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
#endif
if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
error (EXIT_FAILURE, 0, "%s is too old (need %s, have %s)\n"), "libgcrypt",
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
rc = gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, "foo/random-seed");
if (rc)
error (0, 0, "Warning: Error reading seed file: %s", gpg_strerror (rc));
#ifdef WE_NEED_SECMEM
gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
#endif
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
DoIT(); /* initialize gnutls, runs the MTA.. */
rc = gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
if (rc)
error (0, 0, "Warning: Updating seed file failed: %s", gpg_strerror (rc));
return 0;
}
If you don't want to track libgcrypt dependencies just use
if (!gcry_check_version (NULL) )
error (EXIT_FAILURE, 0, "problem intializing Libgcrypt version %s"),
gcry_check_version (NULL) );
This is a sufficient initialization. GNUTLS may later still check the
version. GNUTLS or any other library may use
if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P))
missing_libgcrypt_initialization ();
to check whether libgcrypt has already been initialized. Nikos and me
came up with that scheme some years ago.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnutls-devel
mailing list