Re: Potential memory leak in RSA_private_decrypt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 08/11/17 09:47, Wang wrote:
> Hello Matt,
> 
> Thank you for trying to help.
> 
>>>> Is this the "bottom" of the OpenSSL stack? i.e. your application calls 
>>>> RSA_private_decrypt() directly? 
> Yes, it does.
> 
>>>> Do you share a single RSA object across multiple threads? 
> Yes, my application shares a single RSA object across many concurrent
> threads. Namely RSA_private_decrypt()  is called with the same RSA object
> concurrently across many threads.
> 
> Does this cause any issue? I checked OpenSSL document, but didn't find
> anything related to this kind of restriction
> (https://www.openssl.org/docs/manmaster/man3/RSA_public_encrypt.html). Or
> this restriction is undocumented? 

https://www.openssl.org/docs/faq.html#PROG1

>From the FAQ:

"1. Is OpenSSL thread-safe?

Yes but with some limitations; for example, an SSL connection cannot be
used concurrently by multiple threads. This is true for most OpenSSL
objects.

..."

This is also true for the RSA object. Temporary, thread specific
blinding state is held in the RSA object so it cannot be shared across
multiple threads.

Matt
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux