Changes between 0.9.7g and 0.9.7h [XX xxx XXXX]
+ *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
+ a threadsafe manner. Modify rsa code to use new function and add calls
+ to dsa and dh code (which had race conditions before).
+ [Steve Henson]
+
*) Include the fixed error library code in the C error file definitions
instead of fixing them up at runtime. This keeps the error code
structures constant.
Enable shared link on HP-UX.
-2005-04-22 07:17 steve
-
- Changed:
- CHANGES (1.977.2.156), "Exp", lines: +5 -0
- crypto/bn/bn.h (1.66.2.4), "Exp", lines: +2 -0
- crypto/bn/bn_mont.c (1.30.2.3), "Exp", lines: +20 -0
- crypto/dh/dh_key.c (1.16.2.4), "Exp", lines: +14 -10
- crypto/dsa/dsa_ossl.c (1.12.2.7), "Exp", lines: +12 -9
- crypto/rsa/rsa_eay.c (1.28.2.10), "Exp", lines: +16 -90
- fips/fipshashes.c (1.1.2.5), "Exp", lines: +3 -3
- fips/dh/fips_dh_key.c (1.1.2.4), "Exp", lines: +13 -10
- fips/dsa/fips_dsa_ossl.c (1.1.2.8), "Exp", lines: +12 -9
- fips/rsa/fips_rsa_eay.c (1.1.4.5), "Exp", lines: +17 -90
-
- New function BN_MONT_CTX_set_locked, to set montgomery parameters
- in a threadsafe manner.
-
- Modify or add calls to use it in rsa, dsa and dh
- algorithms.
-
-2005-04-23 06:46 nils
-
- Changed:
- crypto/dsa/dsa_ossl.c (1.12.2.8), "Exp", lines: +1 -1
- crypto/rsa/rsa_eay.c (1.28.2.11), "Exp", lines: +4 -4
-
- fix typo
-
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx);
/* BN_BLINDING flags */
#define BN_BLINDING_NO_UPDATE 0x00000001
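Review bot: The new `BN_MONT_CTX_set_locked()` prototype has no comment, and its contract is not obvious from the signature. Judging by the implementation and the callers, `lock` is a `CRYPTO_LOCK_*` id handed to `CRYPTO_w_lock()`, the return value is `*pmont` itself, and NULL means allocation or `BN_MONT_CTX_set()` failed. A one-line header comment would prevent callers from freeing the cached pointer, for example `/* Returns *pmont, creating it under 'lock' if unset; NULL on error. The result stays owned by *pmont. */`.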
return(to);
}
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx)
+ {
+ if (*pmont)
+ return *pmont;
+ CRYPTO_w_lock(lock);
+ if (!*pmont)
+ {
+ *pmont = BN_MONT_CTX_new();
+ if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx))
+ {
+ BN_MONT_CTX_free(*pmont);
+ *pmont = NULL;
+ }
+ }
+ CRYPTO_w_unlock(lock);
+ return *pmont;
+ }
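Review bot: `*pmont` is published by `*pmont = BN_MONT_CTX_new();` before `BN_MONT_CTX_set()` has filled it in, so a second thread taking the unlocked `if (*pmont) return *pmont;` fast path can be handed a context that is still being initialised, or one that the failure branch is about to free. The removed `rsa_eay_mont_helper()` built the context completely and only then stored it under the lock; the new helper should keep that order, because the DH, DSA and RSA callers (including `MONT_HELPER`) use the result for modular exponentiation with key material such as `dh->priv_key`. Building into a local first also keeps the expensive setup out of the critical section. The unlocked first read is still a plain load with no barrier, which presumably relies on pointer stores being atomic on the supported platforms and deserves a comment saying so.

```c
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
					const BIGNUM *mod, BN_CTX *ctx)
	{
	BN_MONT_CTX *ret;

	/* Unlocked fast path: safe only because *pmont is never stored
	 * until the context is fully set up (see below). */
	if (*pmont)
		return *pmont;

	/* Build the context privately so no other thread can observe
	 * it half-initialised or after a failed setup. */
	ret = BN_MONT_CTX_new();
	if (ret == NULL)
		return NULL;
	if (!BN_MONT_CTX_set(ret, mod, ctx))
		{
		BN_MONT_CTX_free(ret);
		return NULL;
		}

	CRYPTO_w_lock(lock);
	if (*pmont == NULL)
		{
		*pmont = ret;
		ret = NULL;
		}
	CRYPTO_w_unlock(lock);

	/* Another thread won the race: drop ours and use theirs. */
	if (ret != NULL)
		BN_MONT_CTX_free(ret);
	return *pmont;
	}
```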
else
pub_key=dh->pub_key;
- if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P)
{
- if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
- dh->p,ctx)) goto err;
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if (!mont)
+ goto err;
}
- mont=(BN_MONT_CTX *)dh->method_mont_p;
if (generate_new_key)
{
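Review bot: `mont` is now assigned only inside the `if (dh->flags & DH_FLAG_CACHE_MONT_P)` branch, whereas the removed `mont=(BN_MONT_CTX *)dh->method_mont_p;` set it on every path. Its declaration is outside the hunk; unless it is already initialised there, a DH object without the cache flag reaches the later use of `mont` with an indeterminate pointer. The same pattern appears in the second dh_key.c hunk, where `mont` is passed to `dh->meth->bn_mod_exp(...)`, and in the DSA verify hunk, where it goes to `DSA_MOD_EXP`. Declaring it as `BN_MONT_CTX *mont = NULL;` in each function would restore the old behaviour for the uncached case.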
DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
goto err;
}
- if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P)
{
- if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
- dh->p,ctx)) goto err;
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if (!mont)
+ goto err;
}
- mont=(BN_MONT_CTX *)dh->method_mont_p;
if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
{
DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
if (!BN_rand_range(&k, dsa->q)) goto err;
while (BN_is_zero(&k));
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
{
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
+ if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA,
+ dsa->p, ctx))
+ goto err;
}
/* Compute r = (g^k mod p) mod q */
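Review bot: `(BN_MONT_CTX **)&dsa->method_mont_p` makes the helper store a `BN_MONT_CTX *` through a pointer to a field that, judging by the removed `(char *)BN_MONT_CTX_new()` assignment, is declared as `char *`. That is an access through an incompatible pointer type, so it only works where both pointer types share a representation and the compiler does not exploit strict aliasing. The same cast is used in both dh_key.c hunks and in the DSA verify hunk. If the field type cannot be changed, a comment at the cast would make the assumption explicit, e.g. `/* method_mont_p always holds a BN_MONT_CTX *; the cast relies on identical pointer representation */`. The enclosing function continues outside the hunk.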
/* u2 = r * w mod q */
if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
{
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA, dsa->p, ctx);
+ if (!mont)
+ goto err;
}
- mont=(BN_MONT_CTX *)dsa->method_mont_p;
DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
return(&rsa_pkcs1_eay_meth);
}
-/* Static helper to reduce oodles of code duplication. As a slight
- * optimisation, the "MONT_HELPER() macro must be used as front-end to this
- * function, to prevent unnecessary function calls - there is an initial test
- * that is performed by the macro-generated code. */
-static int rsa_eay_mont_helper(BN_MONT_CTX **ptr, const BIGNUM *modulus, BN_CTX *ctx)
- {
- BN_MONT_CTX *bn_mont_ctx;
- if((bn_mont_ctx = BN_MONT_CTX_new()) == NULL)
- return 0;
- if(!BN_MONT_CTX_set(bn_mont_ctx, modulus, ctx))
- {
- BN_MONT_CTX_free(bn_mont_ctx);
- return 0;
- }
- if (*ptr == NULL) /* other thread may have finished first */
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- if (*ptr == NULL) /* check again in the lock to stop races */
- {
- *ptr = bn_mont_ctx;
- bn_mont_ctx = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
- if (bn_mont_ctx)
- BN_MONT_CTX_free(bn_mont_ctx);
- return 1;
- }
/* Usage example;
* MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
*/
#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
- !rsa_eay_mont_helper(&((rsa)->_method_mod_##m), \
+ !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
+ CRYPTO_LOCK_RSA, \
(rsa)->m, (ctx))) \
err_instr