gnutls_rsa_params_export_pkcs1 not thread safe
mrsam at courier-mta.com
Sat Jul 2 05:43:28 CEST 2011
A long and painful debugging session seems to indicate that the root of my
problems is that gnutls_rsa_params_export_pkcs1() is not thread safe. I was
invoking this function with the same gnutls_rsa_params_t, concurrently from
The way I'm tracing the logic, my gnutls_params_t gets passed to
gnutls_x509_privkey_export(), and then to _gnutls_asn1_encode_rsa(). The
first parameter that _gnutls_asn1_encode_rsa receives is a pointer to the
"key" member of the structure that gnutls_rsa_params_t points to.
It looks to me that _gnutls_asn1_encode_rsa() ends up writing to the "key"
member in this fashion. Because I'm exporting gnutls_rsa_params_t
concurrently from multiple threads, they end up stomping on each other. And,
when 'key' is already populated, _gnutls_asn1_encode_rsa() attempts to free
it. That, I believe, is the reason why glibc's is accusing me of double-
freeing something, and nuking me from high orbit.
Ok, I'll protect the whole thing with my own mutex. Problem solved, I think.
But, it just bugs me that I had absolutely no clue that
gnutls_rsa_params_export_pkcs1() could possibly be not thread safe. I missed
this entirely. I had nothing to suggest that it modifies the
gnutls_rsa_params_t. I've read the part of the docs that talk about thread
safety, I declare GCRY_THREAD_OPTION_PTHREAD_IMPL and invoke
gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread), before
gnutls_global_init(), I thought that I had my bases covered; so I'm
wondering what else is not thread-safe, and I need to protect it with a
What about gnutls_rsa_params_export_raw()? Is that thread safe? What about
gnutls_dh_params_export_pkcs3() and gnutls_dh_params_export_raw()?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: not available
More information about the Gnutls-help