Bug#448775: Uses too much entropy (Debian Bug #343085)

Ian Goldberg linux at paip.net
Fri Jan 4 16:33:43 CET 2008

On Fri, Jan 04, 2008 at 03:16:57PM +0100, Simon Josefsson wrote:
> There is also the problem if something other than gnutls has already
> initialized libgcrypt.  This could happen if exim links to some other
> library that uses libgcrypt, for example, a LDAP or database library,
> which gets initialized before.  I'm not sure what we can do about this
> situation.  I also dislike global functions like this.

This is a nontrivial problem.  If there are multiple clients of
libgcrypt, and they use the globals in different ways, Bad Things
happen.  I've run into this with the Off-the-Record Messaging (OTR)
plugin for pidgin: if another plugin (say, Jabber) uses gnutls, which
initializes libgcrypt, and OTR also initializes libgcrypt (perhaps with
custom allocation functions), you can easily cause a crash.

It would be very nice to have all of the libgcrypt global state
encapsulated into a dynamically allocated region that's returned by the
libgcrypt initialization, and passed into all other functions.  [Macros
could be provided that automatically reference the most recent
allocation for backwards compatibility purposes.]

   - Ian

More information about the Gnutls-devel mailing list