mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-03 23:43:40 +00:00
Fix mutex double-free in RSA
When MBEDTLS_THREADING_C is enabled, RSA code protects the use of the key with a mutex. mbedtls_rsa_free() frees this mutex by calling mbedtls_mutex_free(). This does not match the usage of mbedtls_mutex_free(), which in general can only be done once. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
914afe1fdb
commit
eb94059edd
@ -490,6 +490,9 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
|||||||
mbedtls_rsa_set_padding( ctx, padding, hash_id );
|
mbedtls_rsa_set_padding( ctx, padding, hash_id );
|
||||||
|
|
||||||
#if defined(MBEDTLS_THREADING_C)
|
#if defined(MBEDTLS_THREADING_C)
|
||||||
|
/* Set ctx->ver to nonzero to indicate that the mutex has been
|
||||||
|
* initialized and will need to be freed. */
|
||||||
|
ctx->ver = 1;
|
||||||
mbedtls_mutex_init( &ctx->mutex );
|
mbedtls_mutex_init( &ctx->mutex );
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -2481,7 +2484,6 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
|
|||||||
RSA_VALIDATE_RET( dst != NULL );
|
RSA_VALIDATE_RET( dst != NULL );
|
||||||
RSA_VALIDATE_RET( src != NULL );
|
RSA_VALIDATE_RET( src != NULL );
|
||||||
|
|
||||||
dst->ver = src->ver;
|
|
||||||
dst->len = src->len;
|
dst->len = src->len;
|
||||||
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
|
||||||
@ -2540,7 +2542,12 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
|
|||||||
#endif /* MBEDTLS_RSA_NO_CRT */
|
#endif /* MBEDTLS_RSA_NO_CRT */
|
||||||
|
|
||||||
#if defined(MBEDTLS_THREADING_C)
|
#if defined(MBEDTLS_THREADING_C)
|
||||||
mbedtls_mutex_free( &ctx->mutex );
|
/* Free the mutex, but only if it hasn't been freed already. */
|
||||||
|
if( ctx->ver != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_mutex_free( &ctx->mutex );
|
||||||
|
ctx->ver = 0;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user