Re: [mbed-tls] How to setup config.h to make memory_buffer_alloc_init() thread-safe? - mbed-tls

19 Jul 2021


      Hi Shariful,
First, please note that the library called PolarSSL with functions like
rsa_private() and memory_buffer_alloc_init() has not been supported for
several years. You should upgrade to Mbed TLS, with functions like
mbedtls_rsa_private() and mbedtls_memory_buffer_alloc_init(). That being
said, the memory_buffer_alloc module works in the same way.
Normally, applications call mbedtls_memory_buffer_alloc_init() in the
startup code of the initial thread, before creating other threads. The
alloc/free functions are thread-safe, but the initialization and
deinitialization functions aren't. If you must call
mbedtls_memory_buffer_alloc_init() after creating other threads, make
sure that no thread calls mbedtls_calloc until
mbedtls_memory_buffer_alloc_init() has returned.
The same principle applies to other parts of Mbed TLS that are
thread-safe. For example, only the RSA operations (encryption,
decryption, signature, verification, and also the low-level functions
mbedtls_rsa_public() and mbedtls_rsa_private()) are protected. So you
must finish setting up the RSA key inside one thread before you pass a
pointer to other threads. Similarly, only mbedtls_xxx_drbg_random() is
thread-safe, and the RNG setup (including mbedtls_xxx_drgb_seed())
should be done as part of the initial application startup.
Finally, note that mbedtls_rsa_private() alone cannot decrypt a message:
all it does it to apply the private key operation. To decrypt a simple
message encrypted with RSA-OAEP, call mbedtls_rsa_rsaes_oaep_decrypt()
or mbedtls_rsa_pkcs1_decrypt() with a key set up for
MBEDTLS_RSA_PKCS_V21 encoding. To use the legacy PKCS#1v1.5 mechanism,
call mbedtls_rsa_rsaes_pkcs1_v15_decrypt() or
mbedtls_rsa_pkcs1_decrypt() with a key set up for .MBEDTLS_RSA_PKCS_V15.
To decrypt a message using a RSA FDH hybrid scheme, you do need to call
mbedtls_rsa_private() since Mbed TLS doesn't support it natively, but
what this gives you is the intermediate secret from which you then need
to derive a symmetric key, not the message itself.
Best regards,
-- 
Gilles Peskine
Mbed TLS developer

On 18/07/2021 07:16, Shariful Alam via mbed-tls wrote:
> Hello,
> I have a simple example code to decrypt an encrypted message using
> *rsa_private()*. I use *memory_buffer_alloc_init(),  *in order to use
> a static memory for the computation. I want to run my code
> concurrently. My code works with a single pthread. However, when I try
> to run more than one thread my program fails to decrypt. 
>
> ** I check the same code without *memory_buffer_alloc_init(), *it
> works concurrently, without any issues at all. 
>
> Therefore, I believe, the issue that I'm facing is coming from the use
> of static memory(e.g. *memory_buffer_alloc_init()*). The documentation
> of memorry_buffer_alloc.h shows,
>
>     /** 
>
>     * \brief   Initialize use of stack-based memory allocator. 
>
>     *           The stack-based allocator does memory management
>     inside the 
>
>     *          presented buffer and does not call malloc() and free(). 
>
>     *          It sets the global polarssl_malloc() and
>     polarssl_free() pointers 
>
>     *          to its own functions. 
>
>     *          (Provided polarssl_malloc() and polarssl_free() are
>     thread-safe if 
>
>     *           POLARSSL_THREADING_C is defined)
>
>     * 
>
>     * \note    This code is not optimized and provides a straight-forward 
>
>     *          implementation of a stack-based memory allocator. 
>
>     * 
>
>     * \param buf   buffer to use as heap 
>
>     * \param len   size of the buffer 
>
>     * 
>
>     * \return              0 if successful 
>
>     */   
>
>
> So, I added the following configuration to the *config.h* file  
>
>     1. #define POLARSSL_THREADING_PTHREAD
>     2. #define POLARSSL_THREADING_C
>
> But I'm still getting errors while decrypting. Any help on how to fix
> this? or what else should I add into the config.h file to
> make *memory_buffer_alloc_init() *thread-safe? Here is my sample
> code: https://pastebin.com/uyW3vknt https://pastebin.com/uyW3vknt
>
> Thanks,
> Shariful
>