GH470: Synchronize access to a shared KeyPairGenerator, which may not be thread-safe.

zakharovsergey1000 · zakharovsergey1000 · commit a90aa9f2d42d · 2024-02-25T15:22:46.000+03:00
The keyPairGenerator object in the MontgomeryCurve is a bouncycastle implementation
of the java.security.KeyPairGenerator class. The generateKeyPair method in class
org.bouncycastle.jcajce.provider.asymmetric.edec.KeyPairGeneratorSpi is not thread safe,
so calling the keyPairGenerator.generateKeyPair method must be synchronized.
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/kex/MontgomeryCurve.java b/sshd-core/src/main/java/org/apache/sshd/common/kex/MontgomeryCurve.java
@@ -153,7 +153,9 @@ public Digest createDigest() {
     }
 
     public KeyPair generateKeyPair() {
-        return keyPairGenerator.generateKeyPair();
+        synchronized (this) {
+            return keyPairGenerator.generateKeyPair();
+        }
     }
 
     public byte[] encode(PublicKey key) throws InvalidKeyException {

Original file line number	Diff line number	Diff line change
`@@ -153,7 +153,9 @@ public Digest createDigest() {`
`153`	`153`	`}`
`154`	`154`
`155`	`155`	`public KeyPair generateKeyPair() {`
`156`		`- return keyPairGenerator.generateKeyPair();`
	`156`	`+ synchronized (this) {`
	`157`	`+ return keyPairGenerator.generateKeyPair();`
	`158`	`+ }`
`157`	`159`	`}`
`158`	`160`
`159`	`161`	`public byte[] encode(PublicKey key) throws InvalidKeyException {`