feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix race condition with RsaKey

Browse Source 
When RsaKey is shared and RsaPublicEncryptEx is called simultaneously by multiple threads, the key->state may be incorrectly set in some threads. This side-steps the state logic when building for bind9.
This commit is contained in:
Juliusz Sosinowicz
2021-06-09 19:09:46 +02:00
parent 69948b3648
commit 763aa9b66d
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
wolfcrypt/src/rsa.c
View File

@@ -2930,7 +2930,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
byte* label, word32 labelSz, int saltLen, byte* label, word32 labelSz, int saltLen,
WC_RNG* rng) WC_RNG* rng)
{ {
int ret, sz; int ret, sz, state;
if (in == NULL || inLen == 0 || out == NULL || key == NULL) { if (in == NULL || inLen == 0 || out == NULL || key == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -2954,7 +2954,17 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
return RSA_BUFFER_E; return RSA_BUFFER_E;
} }
switch (key->state) { #ifndef WOLFSSL_BIND
state = key->state;
#else
/* Bind9 shares the EVP_PKEY struct across multiple threads so let's just
* force a restart on each RsaPublicEncryptEx call for it. */
state = RSA_STATE_NONE;
#ifdef WOLFSSL_ASYNC_CRYPT
#error wolfSSL does not handle building bind support with async crypto
#endif
#endif
switch (state) {
case RSA_STATE_NONE: case RSA_STATE_NONE:
case RSA_STATE_ENCRYPT_PAD: case RSA_STATE_ENCRYPT_PAD:
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \