From 09899ddfadafdbcad6cbacaab09b9bf6f9846dd8 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 24 Mar 2022 11:12:15 +0100 Subject: [PATCH] make loadAes more robust --- cmd/mksyscall/main.go | 2 +- cng/aes.go | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/cmd/mksyscall/main.go b/cmd/mksyscall/main.go index a1ae4c0..772ec92 100644 --- a/cmd/mksyscall/main.go +++ b/cmd/mksyscall/main.go @@ -92,7 +92,7 @@ func generateSyscalls() []byte { var bout bytes.Buffer cmd.Stdout = &bout cmd.Stderr = os.Stderr - cmd.Env = append(os.Environ(), "GOROOT=" + wd) + cmd.Env = append(os.Environ(), "GOROOT="+wd) err = cmd.Run() if err != nil { log.Fatal(err) diff --git a/cng/aes.go b/cng/aes.go index d0bba10..5fe51af 100644 --- a/cng/aes.go +++ b/cng/aes.go @@ -43,18 +43,24 @@ func loadAes(id string, mode string) (h aesAlgorithm, err error) { // but Windows 7 requires that it be set on the algorithm before key creation. err = setString(bcrypt.HANDLE(h.h), bcrypt.CHAINING_MODE, mode) if err != nil { + bcrypt.CloseAlgorithmProvider(h.h, 0) return } var info bcrypt.KEY_LENGTHS_STRUCT var discard uint32 err = bcrypt.GetProperty(bcrypt.HANDLE(h.h), utf16PtrFromString(bcrypt.KEY_LENGTHS), (*(*[1<<31 - 1]byte)(unsafe.Pointer(&info)))[:unsafe.Sizeof(info)], &discard, 0) if err != nil { + bcrypt.CloseAlgorithmProvider(h.h, 0) return } for size := info.MinLength; size <= info.MaxLength; size += info.Increment { h.allowedKeySized = append(h.allowedKeySized, int(size)) } - aesCache.Store(aesCacheEntry{id, mode}, h) + if existing, loaded := aesCache.LoadOrStore(aesCacheEntry{id, mode}, h); loaded { + // We can safely use a provider that has already been cached in another concurrent goroutine. + bcrypt.CloseAlgorithmProvider(h.h, 0) + h = existing.(aesAlgorithm) + } return }