Fix nil deref in Paillier key handling

6bf87237 · Sietse Ringers · 6346523c · 6bf87237 · 6bf87237
Commit 6bf87237 authored Oct 10, 2017 by Sietse Ringers
--- a/manager.go
+++ b/manager.go
@@ -132,12 +132,15 @@ func NewCredentialManager(
 	if cm.attributes, err = cm.storage.LoadAttributes(); err != nil {
 		return nil, err
 	}
-	if cm.paillierKeyCache, err = cm.storage.LoadPaillierKeys(); err != nil {
+	if cm.keyshareServers, err = cm.storage.LoadKeyshareServers(); err != nil {
 		return nil, err
 	}
-	if cm.keyshareServers, err = cm.storage.LoadKeyshareServers(); err != nil {
+	if cm.paillierKeyCache, err = cm.storage.LoadPaillierKeys(); err != nil {
 		return nil, err
 	}
+	if cm.paillierKeyCache == nil {
+		cm.paillierKey(false)
+	}

 	unenrolled := cm.unenrolledKeyshareServers()
 	switch len(unenrolled) {
@@ -571,19 +574,28 @@ func (cm *CredentialManager) ConstructCredentials(msg []*gabi.IssueSignatureMess
 func (cm *CredentialManager) paillierKey(wait bool) *paillierPrivateKey {
 	cached := cm.paillierKeyCache
 	ch := make(chan bool)
-	go func() {
-		newkey, _ := paillier.GenerateKey(rand.Reader, 2048)
-		cm.paillierKeyCache = (*paillierPrivateKey)(newkey)
-		if wait && cached == nil {
-			ch <- true
-		}
-	}()
-	if wait && cached == nil {
+
+	// Would just write cm.paillierKeyCache instead of cached here, but the worker
+	// modifies cm.paillierKeyCache, and we must be sure that the boolean here and
+	// the if-clause below match.
+	go cm.paillierKeyWorker(cached == nil && wait, ch)
+	if cached == nil && wait {
 		<-ch
+		// generate yet another one for future calls, but no need to wait now
+		go cm.paillierKeyWorker(false, ch)
 	}
 	return cm.paillierKeyCache
 }

+func (cm *CredentialManager) paillierKeyWorker(wait bool, ch chan bool) {
+	newkey, _ := paillier.GenerateKey(rand.Reader, 2048)
+	cm.paillierKeyCache = (*paillierPrivateKey)(newkey)
+	cm.storage.StorePaillierKeys(cm.paillierKeyCache)
+	if wait {
+		ch <- true
+	}
+}
+
 func (cm *CredentialManager) unenrolledKeyshareServers() []*SchemeManager {
 	list := []*SchemeManager{}
 	for name, manager := range cm.ConfigurationStore.SchemeManagers {

--- a/storage.go
+++ b/storage.go
@@ -246,6 +246,9 @@ func (s *storage) LoadPaillierKeys() (key *paillierPrivateKey, err error) {
 	if err := s.load(key, paillierFile); err != nil {
 		return nil, err
 	}
+	if key.N == nil { // TODO this is ugly
+		return nil, nil
+	}
 	return key, nil
 }