Fix thread safety issue in RSA operations

The race was due to mpi_exp_mod storing a Montgomery coefficient in the
context (RM, RP, RQ).

The fix was verified with -fsanitize-thread using ssl_pthread_server and two
concurrent clients.

A more fine-grained fix should be possible, locking just enough time to check
if those values are OK and set them if not, rather than locking for the whole
mpi_exp_mod() operation, but it will be for later.
Manuel Pégourié-Gonnard
2015-03-27 15:06:07 +01:00
parent 39ead3ef2f
commit 88fca3ef0e
2 changed files with 14 additions and 1 deletions


@@ -25,6 +25,7 @@ Features
errors on use of deprecated functions.
Bugfix
* Fix thread safety bug in RSA operations (found by Fredrik Axelsson).
* Fix hardclock() (only used in the benchmarking program) with some
versions of mingw64 (found by kxjhlele).
* Fix warnings from mingw64 in timing.c (found by kxjklele).
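Review bot: The added ChangeLog line "Fix thread safety bug in RSA operations" does not say which usage is affected, so a reader cannot tell from it whether they need the update. Going by the commit message, the race is on the Montgomery values that mpi_exp_mod caches in the context (RM, RP, RQ), so the entry could say that it concerns concurrent operations on a shared RSA context. The commit message also states that the lock is held for the whole mpi_exp_mod() operation and that a finer-grained fix is deferred; that deserves a tracked follow-up, since it is not recorded anywhere in the visible change. Separately, the two context lines after the new entry spell the reporter as "kxjhlele" and "kxjklele"; one of the two is likely a typo.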