Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> writes:
Currently gnutls provides a "central" random generator based on yarrow (for keys) and salsa20 (for nonces) primitives, and it is thread-safe by utilizing mutexes over it. An application that has more than 100-200 threads is most likely to spend more time in synchronization rather than the random generator itself. A solution to that would be to provide a thread-local random generator which will work lock-free, at the cost of additional memory per thread (around 600-700 bytes for the current generator).
Would it make sense to handle the two cases differently, with a thread-local nonce-generator, but stick to a global key-generator protected by a mutex?
I imagine there are a lot more calls for nonces than for keys?
For the yarrow reseed logic, I think it may be preferable with a global instance.
Regards, /Niels
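The split Niels sketches, a single mutex-protected key generator for the whole process beside a per-thread nonce generator that takes the global lock once to seed itself and is lock-free afterwards, as an added C example. This is not GnuTLS code: the mixing function is splitmix64 standing in as a placeholder for the real yarrow/salsa20 generators, and the names (`gen_key`, `gen_nonce`, `distinct_nonces`, `keys_differ`) and the fixed seed are invented for the illustration. The `distinct_nonces` check runs several threads and confirms their nonce streams do not overlap, which is the property the per-thread seeding has to preserve.

```c
/* Added example (not GnuTLS code): global, mutex-protected key generator
 * beside a lock-free thread-local nonce generator. splitmix64 is a
 * PLACEHOLDER mixing function for illustration only, not a CSPRNG. */
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct gen { uint64_t state; };

/* splitmix64 step: stands in for the real generator, NOT cryptographically secure. */
static uint64_t gen_next(struct gen *g)
{
    uint64_t z = (g->state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

static void gen_fill(struct gen *g, uint8_t *out, size_t n)
{
    while (n > 0) {
        uint64_t v = gen_next(g);
        size_t take = n < sizeof v ? n : sizeof v;
        memcpy(out, &v, take);
        out += take;
        n -= take;
    }
}

/* Global key generator: one instance per process, guarded by a mutex.
 * The fixed seed is constructed for the demo so runs are reproducible. */
static pthread_mutex_t key_lock = PTHREAD_MUTEX_INITIALIZER;
static struct gen key_gen = { 0x1234567890ABCDEFULL };

/* Key material: every call takes the global lock. */
void gen_key(uint8_t *out, size_t n)
{
    pthread_mutex_lock(&key_lock);
    gen_fill(&key_gen, out, n);
    pthread_mutex_unlock(&key_lock);
}

/* Thread-local nonce generator: seeded once per thread from the global
 * generator (a single lock acquisition), then used without any locking. */
static _Thread_local struct gen nonce_gen;
static _Thread_local int nonce_ready = 0;

void gen_nonce(uint8_t *out, size_t n)
{
    if (!nonce_ready) {
        uint8_t seed[sizeof nonce_gen.state];
        gen_key(seed, sizeof seed);            /* per-thread seed, drawn under the lock once */
        memcpy(&nonce_gen.state, seed, sizeof seed);
        nonce_ready = 1;
    }
    gen_fill(&nonce_gen, out, n);              /* lock-free fast path */
}

/* Returns 1 when two consecutive 16-byte keys differ (sanity check). */
int keys_differ(void)
{
    uint8_t a[16], b[16];
    gen_key(a, sizeof a);
    gen_key(b, sizeof b);
    return memcmp(a, b, sizeof a) != 0;
}

struct worker_arg { uint64_t *out; size_t count; };

static void *worker(void *p)
{
    struct worker_arg *a = p;
    for (size_t i = 0; i < a->count; i++)
        gen_nonce((uint8_t *)&a->out[i], sizeof a->out[i]);
    return NULL;
}

static int cmp_u64(const void *a, const void *b)
{
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Runs nthreads threads drawing per_thread 8-byte nonces each and returns the
 * number of distinct values seen; distinct per-thread seeds mean the streams
 * must not overlap. Returns -1 on allocation or thread-creation failure. */
long distinct_nonces(int nthreads, size_t per_thread)
{
    size_t total = (size_t)nthreads * per_thread;
    uint64_t *all = malloc(total * sizeof *all);
    pthread_t *tid = malloc((size_t)nthreads * sizeof *tid);
    struct worker_arg *args = malloc((size_t)nthreads * sizeof *args);
    long distinct = -1;
    int started = 0;
    if (all && tid && args) {
        for (; started < nthreads; started++) {
            args[started].out = all + (size_t)started * per_thread;
            args[started].count = per_thread;
            if (pthread_create(&tid[started], NULL, worker, &args[started]) != 0)
                break;
        }
        for (int t = 0; t < started; t++)
            pthread_join(tid[t], NULL);
        if (started == nthreads) {
            qsort(all, total, sizeof *all, cmp_u64);
            distinct = total ? 1 : 0;
            for (size_t i = 1; i < total; i++)
                if (all[i] != all[i - 1]) distinct++;
        }
    }
    free(all); free(tid); free(args);
    return distinct;
}

int main(void)
{
    printf("consecutive keys differ: %s\n", keys_differ() ? "yes" : "no");
    printf("distinct nonces from 4 threads x 1000: %ld\n", distinct_nonces(4, 1000));
    return 0;
}
```

The design choice worth noting is where the lock is taken: `gen_nonce` touches `key_lock` exactly once per thread, at first use, so nonce-heavy workloads pay the synchronization cost only at thread start while key generation (and the reseed logic that would live with it) stays on the single global instance. Per-thread memory is one `struct gen` plus a flag here; with the real generator it would be the 600-700 bytes Nikos mentions.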