Rivoreo Source Code Repositories
src.rivoreo.one / security / mbedtls / 88fca3ef0e497a64d39ee40766e8b780beaba914
commit88fca3ef0e497a64d39ee40766e8b780beaba914[log] [download]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Fri Mar 27 15:06:07 2015 +0100
committerManuel Pégourié-Gonnard <mpg@elzevir.fr>Fri Mar 27 15:12:05 2015 +0100
tree91b2dd78f031816f964956654e6ba96bf53b40cb
parent39ead3ef2f7513352c415136737c2c8a00ccb4ac [diff]
Fix thread safety issue in RSA operations

The race was due to mpi_exp_mod storing a Montgomery coefficient in the
context (RM, RP, RQ).

The fix was verified with -fsanitize-thread using ssl_pthread_server and two
concurrent clients.

A more fine-grained fix should be possible, locking just enough time to check
if those values are OK and set them if not, rather than locking for the whole
mpi_exp_mod() operation, but it will be for later.
2 files changed
tree: 91b2dd78f031816f964956654e6ba96bf53b40cb
  1. .gitignore
  2. .travis.yml
  3. CMakeLists.txt
  4. ChangeLog
  5. DartConfiguration.tcl
  6. LICENSE
  7. Makefile
  8. README.rst
  9. configs/
  10. doxygen/
  11. include/
  12. library/
  13. programs/
  14. scripts/
  15. tests/
  16. visualc/