Bug#448775: Uses too much entropy (Debian Bug #343085)
Ian Goldberg
linux at paip.net
Fri Jan 4 16:33:43 CET 2008
On Fri, Jan 04, 2008 at 03:16:57PM +0100, Simon Josefsson wrote:
> There is also the problem if something other than gnutls has already
> initialized libgcrypt. This could happen if exim links to some other
> library that uses libgcrypt, for example, a LDAP or database library,
> which gets initialized before. I'm not sure what we can do about this
> situation. I also dislike global functions like this.
This is a nontrivial problem. If there are multiple clients of
libgcrypt, and they use the globals in different ways, Bad Things
happen. I've run into this with the Off-the-Record Messaging (OTR)
plugin for pidgin: if another plugin (say, Jabber) uses gnutls, which
initializes libgcrypt, and OTR also initializes libgcrypt (perhaps with
custom allocation functions), you can easily cause a crash.
It would be very nice to have all of the libgcrypt global state
encapsulated into a dynamically allocated region that's returned by the
libgcrypt initialization, and passed into all other functions. [Macros
could be provided that automatically reference the most recent
allocation for backwards compatibility purposes.]
- Ian
More information about the Gnutls-devel
mailing list