On 07/02/2011 05:43 AM, Sam Varshavchik wrote:
> A long and painful debugging session seems to indicate that the root
> of my problems is that gnutls_rsa_params_export_pkcs1() is not thread
> safe. I was invoking this function with the same
> gnutls_rsa_params_t, concurrently from multiple threads.
Thanks, there was some optimization in gnutls_rsa_params_t that caused
this issue. The attached patch should fix your problem.
However, do you really need gnutls_rsa_params_t? These parameters are only
used for the RSA-EXPORT ciphersuites, which should not normally be used.
regards,
Nikos
diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c
index 42b4a9d..9647a56 100644
--- a/lib/gnutls_rsa_export.c
+++ b/lib/gnutls_rsa_export.c
@@ -94,8 +94,6 @@ gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params)
return ret;
}
- (*rsa_params)->crippled = 1;
-
return 0;
}
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 7982bdc..bcc2a2c 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -106,16 +106,12 @@ gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
gnutls_x509_privkey_t src)
dst->params.flags = src->params.flags;
dst->pk_algorithm = src->pk_algorithm;
- dst->crippled = src->crippled;
- if (!src->crippled)
+ ret = _gnutls_asn1_encode_privkey (dst->pk_algorithm, &dst->key,
&dst->params);
+ if (ret < 0)
{
- ret = _gnutls_asn1_encode_privkey (dst->pk_algorithm, &dst->key,
&dst->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ gnutls_assert ();
+ return ret;
}
return 0;
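Review bot: The now-unconditional encode in gnutls_x509_privkey_cpy fails with a bare `return ret;`, whereas the import and generate hunks in this file leave through `goto cleanup`. By that point `dst->params.flags` and `dst->pk_algorithm` have been written, and whatever key parameters were copied earlier in the function (above this hunk, not visible here) are presumably still attached to `dst`. If nothing releases them, private key material stays in a half-built `dst` until the caller tears it down. Either release the copied parameters before returning, or state the contract in the function comment, for example `/* On failure dst is left partially initialised and must still be passed to gnutls_x509_privkey_deinit(). */`.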
@@ -717,14 +713,11 @@ gnutls_x509_privkey_import_rsa_raw2
(gnutls_x509_privkey_t key,
goto cleanup;
}
- if (!key->crippled)
+ ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_RSA, &key->key, &key->params);
+ if (ret < 0)
{
- ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_RSA, &key->key,
&key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ gnutls_assert ();
+ goto cleanup;
}
key->params.params_nr = RSA_PRIVATE_PARAMS;
@@ -811,14 +804,11 @@ gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t
key,
goto cleanup;
}
- if (!key->crippled)
+ ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_DSA, &key->key, &key->params);
+ if (ret < 0)
{
- ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_DSA, &key->key,
&key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ gnutls_assert ();
+ goto cleanup;
}
key->params.params_nr = DSA_PRIVATE_PARAMS;
@@ -953,7 +943,6 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
size_t * output_data_size)
{
const char *msg;
- int ret;
if (key == NULL)
{
@@ -970,16 +959,6 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
else
msg = "UNKNOWN";
- if (key->crippled)
- { /* encode the parameters on the fly. */
- ret = _gnutls_asn1_encode_privkey (key->pk_algorithm, &key->key,
&key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
return _gnutls_x509_export_int (key->key, format, msg,
output_data, output_data_size);
}
@@ -1361,14 +1340,11 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
return ret;
}
- if (!key->crippled)
+ ret = _gnutls_asn1_encode_privkey (algo, &key->key, &key->params);
+ if (ret < 0)
{
- ret = _gnutls_asn1_encode_privkey (algo, &key->key, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ gnutls_assert ();
+ goto cleanup;
}
key->pk_algorithm = algo;
@@ -1411,7 +1387,7 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
digest_hd_st hd;
gnutls_datum_t der = { NULL, 0 };
- if (key == NULL || key->crippled)
+ if (key == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
@@ -1657,8 +1633,7 @@ gnutls_x509_privkey_fix (gnutls_x509_privkey_t key)
return GNUTLS_E_INVALID_REQUEST;
}
- if (!key->crippled)
- asn1_delete_structure (&key->key);
+ asn1_delete_structure (&key->key);
ret = _gnutls_asn1_encode_privkey (key->pk_algorithm, &key->key,
&key->params);
if (ret < 0)
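Review bot: gnutls_x509_privkey_fix still rebuilds `key->key` in place, with `asn1_delete_structure (&key->key);` followed by a fresh `_gnutls_asn1_encode_privkey`, and nothing here documents that it is unsafe to run alongside readers of the same key. With this commit gnutls_x509_privkey_export no longer writes to `key->key`, so callers may reasonably start sharing one key across threads; a concurrent export would then race with this delete-and-rebuild. I would add a comment above the delete such as `/* Not thread safe: key->key is deleted and rebuilt here; do not call while other threads use this key. */`. If the re-encode fails, `key->key` has already been deleted, so the error path should leave the key in a state that later exports reject cleanly; that handling is below the hunk and not visible here.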
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 942087d..92567c1 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1056,14 +1056,11 @@ _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn,
gnutls_x509_privkey_t pkey)
_gnutls_mpi_powm (pkey->params.params[3], pkey->params.params[2],
pkey->params.params[4],
pkey->params.params[0]);
- if (!pkey->crippled)
+ ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_DSA, &pkey->key, &pkey->params);
+ if (ret < 0)
{
- ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_DSA, &pkey->key,
&pkey->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ gnutls_assert ();
+ goto error;
}
pkey->params.params_nr = DSA_PRIVATE_PARAMS;
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 41ed582..c42bc04 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -109,12 +109,6 @@ typedef struct gnutls_x509_privkey_int
gnutls_pk_algorithm_t pk_algorithm;
- /* The crippled keys will not use the ASN1_TYPE key. The encoding
- * will only be performed at the export phase, to optimize copying
- * etc. Cannot be used with the exported API (used internally only).
- */
- int crippled;
-
ASN1_TYPE key;
} gnutls_x509_privkey_int;