[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: thread safety in gnutls [was: Re: Handshake and verification]
|
From: |
Daniel Kahn Gillmor |
|
Subject: |
Re: thread safety in gnutls [was: Re: Handshake and verification] |
|
Date: |
Wed, 09 Dec 2009 10:45:58 -0500 |
|
User-agent: |
Mozilla-Thunderbird 2.0.0.22 (X11/20091109) |
On 12/09/2009 10:29 AM, address@hidden wrote:
> No, I had actually read this, but forgotten about it. However, when I
> tried it, i.e.,
[...]
> I got this error from the call to `generate_rsa_params':
>
> Ohhhh jeeee: operation is not possible without initialized secure memory
> Aborted
You're probably using a gcrypt version earlier than 1.4.3, when they
added a default initialization of secure memory. Try adding the
following after the THREAD_CBS, but before the global_init to initialize
gcrypt's secure memory explicitly:
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
for further reference, you can read here:
http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
but unfortunately, the documentation for initializing gcrypt isn't
terribly clear. I've asked for improved documentation on that recently,
but haven't gotten much of a response:
http://lists.gnupg.org/pipermail/gcrypt-devel/2009-October/001504.html
I'm afraid i don't know the library well enough myself to write improved
documentation for it, though.
--dkg
signature.asc
Description: OpenPGP digital signature