thread safety in gnutls [was: Re: Handshake and verification]

Daniel Kahn Gillmor dkg at
Wed Dec 9 16:45:58 CET 2009

On 12/09/2009 10:29 AM, lfinsto at wrote:
> No, I had actually read this, but forgotten about it.  However, when I
> tried it, i.e.,


> I got this error from the call to `generate_rsa_params':
> Ohhhh jeeee: operation is not possible without initialized secure memory
> Aborted

You're probably using a gcrypt version earlier than 1.4.3, when they
added a default initialization of secure memory.  Try adding the
following after the THREAD_CBS, but before the global_init to initialize
gcrypt's secure memory explicitly:

  gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);

for further reference, you can read here:

but unfortunately, the documentation for initializing gcrypt isn't
terribly clear.  I've asked for improved documentation on that recently,
but haven't gotten much of a response:

I'm afraid i don't know the library well enough myself to write improved
documentation for it, though.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20091209/707bd7c4/attachment.pgp>

More information about the Gnutls-devel mailing list