[gnutls-devel] session ticket key rotation

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Nov 15 08:26:38 CET 2016

On Tue, Nov 15, 2016 at 7:14 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
>> What about CPUs where writing to a memory location is not an atomic
>> operation... i.e., if on line 22, some reader instead of getting the
>> old or the new value of pool->current_key, gets some intermediate
>> value? Are these of a concern?
> So i can imagine, say, the first half of the RAM being from key N and
> the second half of the RAM being from key N+1 for that slot.  In that
> case, no existing tickets for that slot (which had been issued nearly a
> full rotation cycle ago) would validate during that window.  but that's
> fine, they're about to be invalidated anyway.  The bigger risk would be
> if new tickets were issued during that case, but that wouldn't happen
> because we update current_key *after* the key is updated.  So i still
> don't see a problem.

The thing is that there is no guarrantee from the language about the
contents of the intermediate values. For practical purposes though, I
think variables which are word-aligned should be ok to access (though
the safe C11 version is something I prefer, even if it is within

> Thanks for the thoughtful review!  let me know if you have any other
> concerns or suggestions about the proposal.  If you think it's in decent
> shape, should i open a gitlab ticket to track it?

Makes sense.


More information about the Gnutls-devel mailing list