[zeromq-dev] curve: libsodium thread safety

T. Linden cpan at linden.at
Thu May 1 18:37:37 CEST 2014


In fact, under certain conditions crypto even fails when sodium_init()
haven't been called. See https://github.com/jedisct1/libsodium/issues/100.

- Tom

On Thu, May 01, 2014 at 04:27:39PM +0200, Pieter Hintjens wrote:
> Sounds like you've identified a problem. There are two classes that
> use libsodium; best would be to call sodium_init() in either of these,
> the first time they're used, under control of a mutex to prevent
> races.
> 
> Do you want to try making this change and sending us a pull request?
> 
> On Thu, May 1, 2014 at 1:37 PM, Frank Hartmann <soundart at gmx.net> wrote:
> > Hi,
> >
> > I found the following text in libsodium/README.markdown
> > ----------------------------------------------------------------------
> > This is not required, however, before any other libsodium functions, it
> > is recommended to call:
> >
> >     sodium_init();
> >
> > This will pick optimized implementations of some primitives, if they
> > appear to work as expected after running some tests, and these will be
> > used for subsequent operations.
> > It will also initialize the pseudorandom number generator.
> > This function should only be called once, and before performing any other
> > operations.
> > Doing so is required to ensure thread safety of all the functions provided by
> > the library.
> > ----------------------------------------------------------------------
> >
> >
> > The import part beeing: "is required to ensure thread safety"
> >
> > The other important part is that libzmq does not seem to call
> > sodium_init() at all. I have the feeling that multiple zmq threads call
> > crypto_* functions. Is this indeed the case?
> >
> > kind regards
> >   Frank
> > _______________________________________________
> > zeromq-dev mailing list
> > zeromq-dev at lists.zeromq.org
> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.

-- 
    PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt
S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem
 Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the zeromq-dev mailing list