Skip to content

Initialize crypto API only once #1779

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 22, 2021
Merged

Initialize crypto API only once #1779

merged 3 commits into from
Jul 22, 2021

Conversation

jan-cerny
Copy link
Member

The function crapi_init calls gcry_check_version which must be
called before any other function from the Libgcrypt library. That might
be violated when multiple threads executing multiple probes are running.
The mitigation proposed in this PR is to call crapi_init only once
when the session is initialized which means before any threads are
spawned.

See also: https://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html#Multi_002dThreading

Resolves: RHBZ#1959570

@lgtm-com
Copy link

lgtm-com bot commented Jul 8, 2021

This pull request introduces 1 alert when merging 9e15848 into f52f306 - view on LGTM.com

new alerts:

  • 1 for Implicit function declaration

@jan-cerny
Copy link
Member Author

so this time tests/API/XCCDF/unittests/test_remediate_simple.sh passed therefore which means that it fails unreliably

jan-cerny added 3 commits July 16, 2021 09:07
@jan-cerny
Initialize crypto API only once
5c42222 
The function `crapi_init` calls `gcry_check_version` which must be
called before any other function from the Libgcrypt library. That might
be violated when multiple threads executing multiple probes are running.
The mitigation proposed in this PR is to call `crapi_init` only once
when the session is initialized which means before any threads are
spawned.

See also: https://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html#Multi_002dThreading

Resolves: RHBZ#1959570
@jan-cerny
Add a missing include
c4c26d9
@jan-cerny
Don't initialize crypto on Windows
6241a88
@jan-cerny
Copy link
Member Author

rebased on maint-1.3

@jan-cerny jan-cerny marked this pull request as ready for review July 16, 2021 07:14
evgenyz
evgenyz approved these changes Jul 22, 2021
View reviewed changes
Copy link
Contributor

@evgenyz evgenyz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@evgenyz evgenyz merged commit 5f4c01c into OpenSCAP:maint-1.3 Jul 22, 2021
jan-cerny added a commit to jan-cerny/openscap that referenced this pull request Jul 28, 2021
@jan-cerny
Add a regression test for rhbz#1959570
05faede 
The bug was a segmentation fault in filehash58 probe which happened
in openscap-1.3.3-6.el8_3.

The bug was fixed by OpenSCAP#1779
and this patch adds a very small test.
@jan-cerny jan-cerny mentioned this pull request Jul 28, 2021
Merged
@jan-cerny jan-cerny added this to the 1.3.6 milestone Aug 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evgenyz evgenyz evgenyz approved these changes

@ggbecker ggbecker Awaiting requested review from ggbecker

@matusmarhefka matusmarhefka Awaiting requested review from matusmarhefka

@mildas mildas Awaiting requested review from mildas

@yuumasato yuumasato Awaiting requested review from yuumasato

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.3.6
Development

Successfully merging this pull request may close these issues.
2 participants
@jan-cerny @evgenyz