From 9b398ef297dd1b74527dd0afee9f59cd3f5bc33d Mon Sep 17 00:00:00 2001 From: Alessandro Ghedini Date: Mon, 29 Feb 2016 16:57:11 +0000 Subject: [PATCH] Convert CRYPTO_LOCK_EC_* to new multi-threading API Reviewed-by: Matt Caswell Reviewed-by: Rich Salz --- crypto/ec/ec_key.c | 9 +++++++-- crypto/ec/ec_kmeth.c | 13 ++++++++++++- crypto/ec/ec_lcl.h | 1 + crypto/ec/ec_mult.c | 25 ++++++++++++++++++++++--- crypto/ec/ecp_nistp224.c | 25 ++++++++++++++++++++++--- crypto/ec/ecp_nistp256.c | 24 +++++++++++++++++++++--- crypto/ec/ecp_nistp521.c | 25 ++++++++++++++++++++++--- crypto/ec/ecp_nistz256.c | 24 +++++++++++++++++++++--- include/openssl/crypto.h | 2 -- 9 files changed, 128 insertions(+), 20 deletions(-) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 3b02eca5b5..0d7370eef9 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -98,7 +98,7 @@ void EC_KEY_free(EC_KEY *r) if (r == NULL) return; - i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC); + CRYPTO_atomic_add(&r->references, -1, &i, r->lock); REF_PRINT_COUNT("EC_KEY", r); if (i > 0) return; @@ -115,6 +115,7 @@ void EC_KEY_free(EC_KEY *r) r->group->meth->keyfinish(r); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data); + CRYPTO_THREAD_lock_free(r->lock); EC_GROUP_free(r->group); EC_POINT_free(r->pub_key); BN_clear_free(r->priv_key); @@ -204,6 +205,7 @@ EC_KEY *EC_KEY_dup(EC_KEY *ec_key) if (ret == NULL) return NULL; + if (EC_KEY_copy(ret, ec_key) == NULL) { EC_KEY_free(ret); return NULL; @@ -213,7 +215,10 @@ EC_KEY *EC_KEY_dup(EC_KEY *ec_key) int EC_KEY_up_ref(EC_KEY *r) { - int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); + int i; + + if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0) + return 0; REF_PRINT_COUNT("EC_KEY", r); REF_ASSERT_ISNT(i < 2); diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index fad74bf435..c656cc96de 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -122,18 +122,27 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine) if (ret == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) { OPENSSL_free(ret); return NULL; } + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data); + OPENSSL_free(ret); + return NULL; + } + ret->meth = EC_KEY_get_default_method(); #ifndef OPENSSL_NO_ENGINE if (engine != NULL) { if (!ENGINE_init(engine)) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data); OPENSSL_free(ret); return NULL; } @@ -145,6 +154,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine) if (ret->meth == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data); OPENSSL_free(ret); return NULL; } @@ -154,6 +164,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine) ret->version = 1; ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; ret->references = 1; + if (ret->meth->init != NULL && ret->meth->init(ret) == 0) { EC_KEY_free(ret); return NULL; diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index e085f76c20..e6a491451f 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -310,6 +310,7 @@ struct ec_key_st { int references; int flags; CRYPTO_EX_DATA ex_data; + CRYPTO_RWLOCK *lock; } /* EC_KEY */ ; struct ec_point_st { diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 70c9791f8b..3c283e5ed6 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -63,6 +63,7 @@ #include #include +#include "internal/cryptlib.h" #include "internal/bn_int.h" #include "ec_lcl.h" @@ -85,6 +86,7 @@ struct ec_pre_comp_st { * objects followed by a NULL */ size_t num; /* numblocks * 2^(w-1) */ int references; + CRYPTO_RWLOCK *lock; }; static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) @@ -99,25 +101,41 @@ static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; } + ret->group = group; ret->blocksize = 8; /* default */ ret->w = 4; /* default */ ret->references = 1; + + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } return ret; } EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *pre) { + int i; if (pre != NULL) - CRYPTO_add(&pre->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + CRYPTO_atomic_add(&pre->references, 1, &i, pre->lock); return pre; } void EC_ec_pre_comp_free(EC_PRE_COMP *pre) { - if (pre == NULL - || CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0) + int i; + + if (pre == NULL) + return; + + CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock); + REF_PRINT_COUNT("EC_ec", pre); + if (i > 0) return; + REF_ASSERT_ISNT(i < 0); if (pre->points != NULL) { EC_POINT **pts; @@ -126,6 +144,7 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre) EC_POINT_free(*pts); OPENSSL_free(pre->points); } + CRYPTO_THREAD_lock_free(pre->lock); OPENSSL_free(pre); } diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 0eea2e005d..78bdc355bd 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -231,6 +231,7 @@ static const felem gmul[2][16][3] = { struct nistp224_pre_comp_st { felem g_pre_comp[2][16][3]; int references; + CRYPTO_RWLOCK *lock; }; const EC_METHOD *EC_GFp_nistp224_method(void) @@ -1216,22 +1217,40 @@ static NISTP224_PRE_COMP *nistp224_pre_comp_new() ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; } + ret->references = 1; + + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } return ret; } NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *p) { + int i; if (p != NULL) - CRYPTO_add(&p->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + CRYPTO_atomic_add(&p->references, 1, &i, p->lock); return p; } void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *p) { - if (p == NULL - || CRYPTO_add(&p->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0) + int i; + + if (p == NULL) + return; + + CRYPTO_atomic_add(&p->references, -1, &i, p->lock); + REF_PRINT_COUNT("EC_nistp224", x); + if (i > 0) return; + REF_ASSERT_ISNT(i < 0); + + CRYPTO_THREAD_lock_free(p->lock); OPENSSL_free(p); } diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 1549b9c689..2da266cb6e 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1760,6 +1760,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, struct nistp256_pre_comp_st { smallfelem g_pre_comp[2][16][3]; int references; + CRYPTO_RWLOCK *lock; }; const EC_METHOD *EC_GFp_nistp256_method(void) @@ -1834,21 +1835,38 @@ static NISTP256_PRE_COMP *nistp256_pre_comp_new() } ret->references = 1; + + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } return ret; } NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *p) { + int i; if (p != NULL) - CRYPTO_add(&p->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + CRYPTO_atomic_add(&p->references, 1, &i, p->lock); return p; } void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *pre) { - if (pre == NULL - || CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0) + int i; + + if (pre == NULL) return; + + CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock); + REF_PRINT_COUNT("EC_nistp256", x); + if (i > 0) + return; + REF_ASSERT_ISNT(i < 0); + + CRYPTO_THREAD_lock_free(pre->lock); OPENSSL_free(pre); } diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 629bf5d7de..a9b4295e30 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1589,6 +1589,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, struct nistp521_pre_comp_st { felem g_pre_comp[16][3]; int references; + CRYPTO_RWLOCK *lock; }; const EC_METHOD *EC_GFp_nistp521_method(void) @@ -1661,22 +1662,40 @@ static NISTP521_PRE_COMP *nistp521_pre_comp_new() ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; } + ret->references = 1; + + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } return ret; } NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *p) { + int i; if (p != NULL) - CRYPTO_add(&p->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + CRYPTO_atomic_add(&p->references, 1, &i, p->lock); return p; } void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *p) { - if (p == NULL - || CRYPTO_add(&p->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0) + int i; + + if (p == NULL) + return; + + CRYPTO_atomic_add(&p->references, -1, &i, p->lock); + REF_PRINT_COUNT("EC_nistp521", x); + if (i > 0) return; + REF_ASSERT_ISNT(i < 0); + + CRYPTO_THREAD_lock_free(p->lock); OPENSSL_free(p); } diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 0f8bd85af6..f2ef9be7f8 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -76,6 +76,7 @@ struct nistz256_pre_comp_st { PRECOMP256_ROW *precomp; void *precomp_storage; int references; + CRYPTO_RWLOCK *lock; }; /* Functions implemented in assembly */ @@ -1396,22 +1397,39 @@ static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group) ret->group = group; ret->w = 6; /* default */ ret->references = 1; + + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } return ret; } NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *p) { + int i; if (p != NULL) - CRYPTO_add(&p->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + CRYPTO_atomic_add(&p->references, 1, &i, p->lock); return p; } void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre) { - if (pre == NULL - || CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0) + int i; + + if (pre == NULL) return; + + CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock); + REF_PRINT_COUNT("EC_nistz256", x); + if (i > 0) + return; + REF_ASSERT_ISNT(i < 0); + OPENSSL_free(pre->precomp_storage); + CRYPTO_THREAD_lock_free(pre->lock); OPENSSL_free(pre); } diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 4af6f72b0c..5ec134dacd 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -187,10 +187,8 @@ extern "C" { # define CRYPTO_LOCK_ENGINE 30 # define CRYPTO_LOCK_UI 31 # define CRYPTO_LOCK_ECDSA 32 -# define CRYPTO_LOCK_EC 33 # define CRYPTO_LOCK_ECDH 34 # define CRYPTO_LOCK_BN 35 -# define CRYPTO_LOCK_EC_PRE_COMP 36 # define CRYPTO_LOCK_STORE 37 # define CRYPTO_LOCK_COMP 38 # define CRYPTO_LOCK_FIPS 39 -- 2.25.1