thread safety in gnutls [was: Re: Handshake and verification]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Dec 9 16:45:58 CET 2009
On 12/09/2009 10:29 AM, lfinsto at gwdg.de wrote:
> No, I had actually read this, but forgotten about it. However, when I
> tried it, i.e.,
[...]
> I got this error from the call to `generate_rsa_params':
>
> Ohhhh jeeee: operation is not possible without initialized secure memory
> Aborted
You're probably using a gcrypt version earlier than 1.4.3, when they
added a default initialization of secure memory. Try adding the
following after the THREAD_CBS, but before the global_init to initialize
gcrypt's secure memory explicitly:
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
for further reference, you can read here:
http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
but unfortunately, the documentation for initializing gcrypt isn't
terribly clear. I've asked for improved documentation on that recently,
but haven't gotten much of a response:
http://lists.gnupg.org/pipermail/gcrypt-devel/2009-October/001504.html
I'm afraid i don't know the library well enough myself to write improved
documentation for it, though.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20091209/707bd7c4/attachment.pgp>
More information about the Gnutls-devel
mailing list