From: "Reddie, Steven" <[EMAIL PROTECTED]> Steven.Reddie> I've come across four race conditions in the following Steven.Reddie> functions in rsa_eay.c: Steven.Reddie> RSA_public_encrypt Steven.Reddie> RSA_public_decrypt Steven.Reddie> RSA_eay_mod_exp (x2) Steven.Reddie> Steven.Reddie> These can cause unexpected failure of the RSA_eay_ Steven.Reddie> encryption/decryption functions for both public and Steven.Reddie> private key operations. The problem occurs when more Steven.Reddie> than one thread simultaneously uses the same RSA key Hmm, someone else needs to tell us if this is meant to be supported or not for now. However, when it comes to the locking part, for now CRYPTO_LOCK_RSA is probably the more appropriate one, but what we really should have is a lock for each instance of the RSA structure (or any structure). I've talked about this some time ago, perhaps it's time to do more than just talking... -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Software Engineer, Celo Communications: http://www.celocom.com/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: My patch to rsa_eay.c didn't seem to get accepted
Richard Levitte - VMS Whacker Thu, 14 Dec 2000 01:17:13 -0800
- My patch to rsa_eay.c didn't seem to get acc... Reddie, Steven
- Re: My patch to rsa_eay.c didn't seem t... Richard Levitte - VMS Whacker
- Re: My patch to rsa_eay.c didn't se... Geoff Thorpe
- RE: My patch to rsa_eay.c didn't seem t... Reddie, Steven