[gnutls-devel] lock-free random generator

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Sun Feb 19 10:55:49 CET 2017


Hi,
 One of the items that have been on my todo-list after discussing with
application writers of multi-threaded applications (mainly servers),
is addressing the issue of synchronization for the random generator.
Currently gnutls provides a "central" random generator based on yarrow
(for keys) and salsa20 (for nonces) primitives, and it is thread safe
by utilizing mutexes over it. An application that has more than
100-200 threads is most likely to spend more time in synchronization
rather than the random generator itself. A solution to that would be
to provide a thread-local random generator which will work lock-free,
at the cost of additional memory per-thread -around 600-700 bytes for
the current generator-.

I have an experimental patch set, implementing this idea at:
https://gitlab.com/gnutls/gnutls/merge_requests/259

On the patch above, the additional cost per thread will only be for
threads actually utilizing gnutls, and in particular the random
generator, as the required memory will be allocated after the first
call to gnutls_rnd() by the thread.

Are there any objections on such an enhancement to gnutls, or
suggestions on how such a lock-free random generator could be improved
(in terms of memory utilization for example)?

regards,
Nikos



More information about the Gnutls-devel mailing list