New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Connecting to the same listener from the same place twice simultaneously is failing frequently with passphrase error... #2412
Comments
Attaching heavy server + client logs from an example of it happening. And two logs where there is a 1s delay on the client, but otherwise the exact same code, showing the issue not occurring: |
I think I may have figured this out. Applying the change here #2413 appears to fix the issue, although I need to test it some more as this solution was identified by eyeballing the code rather than anything systematic. The mbedtls crypto SPR currently uses a static MD context in the PBKDF; the change above creates one for each call so that multiple threads can call the PBKDF at the same time without interfering with each other, which I think is what was happening. For reference, here is the RIST equivalent code. With my change, SRT now does it the same way as RIST.
There are still a couple of static objects in the MbedTLS SPR, maybe someone can comment on whether these are unsafe too. The other Crypto SPRs do not have any static data. |
I think there is still an issue relating to concurrent handshaking and the MbedTLS SPR. In this crash T46 has got hold of the SPR instance, while T44 appears to be still initialising it. I imagine you can probably reproduce this quite easily by just spinning up multiple connections all at once, using the MbedTLS. In my case, the issue occurs occasionally with 4 connections. |
So looking at the three SPRs, MbedTLS is the only one with static data. However, all three do a check for the "open" function having been filled in, to prevent multiple initialisation. This still doesn't seem safe though as multiple threads could still be in this function at the same time, if the "open" function has not yet been set. i.e. T1 could have got as far as setting "open" but not the other functions, while T2 enters the function, sees that "open" has been set and so assumes everything else has been set, even though T1 hasn't finished yet. It might then call a function which hadn't yet been set. Most likely it would very rarely been an issue with the OpenSSL and GNUTLS SPRs, because they only do some trivial setting of functions, but it's still technically flawed. MbedTLS obviously does further static initialisation which increases the likelihood of multiple threads trampling on each other. Safest option appears to be a static mutex with a scoped lock at the top of this function:
This necessitates including "sync.h" though, which in-turn requires cryspr-mbedtls.c (and the OpenSSL and GNUTLS equivalents) to either be changed to ".cpp" files or compiled as CPP files. If you are happy with this solution @maxsharabayko then I don't mind making a PR with this additional lock + renaming the files to.cpp. |
See PR #2425 |
Yes I’ve had no problems since those fixes. |
Remote server starts listening.
Client application opens up two connections at the same time to the server:
With encryption enabled, via MbedTLS 2.x.x (i.e. supplying passphrase), most times one or both of the connection attempts fail with invalid passphrase (BADSECRET) on server. I double checked I was definitely passing the correct passphrase into the socket option, and I was.
With encryption disabled, connections work.
With encryption enabled, but a delay of 1s between connection attempts, allows it to work.
Is this an allowable use-case? Maybe there is some client and/or server side state relating to MbedTLS? Since the two connections will have a unique source port, they must be seen as separate connections, but maybe there is some sort of state associated with only the IP-address on the server or something that gets accessed/written to at the same time?
The text was updated successfully, but these errors were encountered: