diff --git a/CHANGES b/CHANGES
index 90b64f4e46a2c841bad85617f3e2092a78e82da8..103a74cdceda95a321e17dfb8e2d1edd4ec0173f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -794,6 +794,11 @@
 
  Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]
 
+  *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
+     a threadsafe manner. Modify rsa code to use new function and add calls
+     to dsa and dh code (which had race conditions before).
+     [Steve Henson]
+
   *) Include the fixed error library code in the C error file definitions
      instead of fixing them up at runtime. This keeps the error code
      structures constant.
diff --git a/ChangeLog.0_9_7-stable_not-in-head b/ChangeLog.0_9_7-stable_not-in-head
index 3796e1978b4fb0aeeab12fa062662add8ee232ed..943c8ff05f64d5c59b18d570d5d467aa6a338842 100644
--- a/ChangeLog.0_9_7-stable_not-in-head
+++ b/ChangeLog.0_9_7-stable_not-in-head
@@ -837,31 +837,3 @@ be added to the end of this file.
 
 	Enable shared link on HP-UX.
 
-2005-04-22 07:17  steve
-
-	Changed:
-		CHANGES (1.977.2.156), "Exp", lines: +5 -0
-		crypto/bn/bn.h (1.66.2.4), "Exp", lines: +2 -0
-		crypto/bn/bn_mont.c (1.30.2.3), "Exp", lines: +20 -0
-		crypto/dh/dh_key.c (1.16.2.4), "Exp", lines: +14 -10
-		crypto/dsa/dsa_ossl.c (1.12.2.7), "Exp", lines: +12 -9
-		crypto/rsa/rsa_eay.c (1.28.2.10), "Exp", lines: +16 -90
-		fips/fipshashes.c (1.1.2.5), "Exp", lines: +3 -3
-		fips/dh/fips_dh_key.c (1.1.2.4), "Exp", lines: +13 -10
-		fips/dsa/fips_dsa_ossl.c (1.1.2.8), "Exp", lines: +12 -9
-		fips/rsa/fips_rsa_eay.c (1.1.4.5), "Exp", lines: +17 -90
-
-	New function BN_MONT_CTX_set_locked, to set montgomery parameters
-	in a threadsafe manner.
-
-		Modify or add calls to use it in rsa, dsa and dh
-	algorithms.
-
-2005-04-23 06:46  nils
-
-	Changed:
-		crypto/dsa/dsa_ossl.c (1.12.2.8), "Exp", lines: +1 -1
-		crypto/rsa/rsa_eay.c (1.28.2.11), "Exp", lines: +4 -4
-
-	fix typo
-
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 1c75fd07193998a8f697a8817dd0d7bf6fad63ff..d118fc6a8012f6b5db078368afc377fd523215dd 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -510,6 +510,8 @@ int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
 int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+					const BIGNUM *mod, BN_CTX *ctx);
 
 /* BN_BLINDING flags */
 #define	BN_BLINDING_NO_UPDATE	0x00000001
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 61416483cb26761b113935857fc677a5081eac4d..6bcc9ad2e762f11f51cb0b135f00263c4c3da12f 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -350,3 +350,21 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 	return(to);
 	}
 
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+					const BIGNUM *mod, BN_CTX *ctx)
+	{
+	if (*pmont)
+		return *pmont;
+	CRYPTO_w_lock(lock);
+	if (!*pmont)
+		{
+		*pmont = BN_MONT_CTX_new();
+		if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx))
+			{
+			BN_MONT_CTX_free(*pmont);
+			*pmont = NULL;
+			}
+		}
+	CRYPTO_w_unlock(lock);
+	return *pmont;
+	}
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index ad026cb861cc1d2380fd653d8f337c2533a92e3a..1439a7a9e96dfd6d97230b03df747e36a879a725 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -127,13 +127,15 @@ static int generate_key(DH *dh)
 	else
 		pub_key=dh->pub_key;
 
-	if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+
+	if (dh->flags & DH_FLAG_CACHE_MONT_P)
 		{
-		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-				dh->p,ctx)) goto err;
+		mont = BN_MONT_CTX_set_locked(
+				(BN_MONT_CTX **)&dh->method_mont_p,
+				CRYPTO_LOCK_DH, dh->p, ctx);
+		if (!mont)
+			goto err;
 		}
-	mont=(BN_MONT_CTX *)dh->method_mont_p;
 
 	if (generate_new_key)
 		{
@@ -173,14 +175,16 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 		DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
 		goto err;
 		}
-	if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+
+	if (dh->flags & DH_FLAG_CACHE_MONT_P)
 		{
-		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-				dh->p,ctx)) goto err;
+		mont = BN_MONT_CTX_set_locked(
+				(BN_MONT_CTX **)&dh->method_mont_p,
+				CRYPTO_LOCK_DH, dh->p, ctx);
+		if (!mont)
+			goto err;
 		}
 
-	mont=(BN_MONT_CTX *)dh->method_mont_p;
 	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
 		{
 		DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 033bf9017f70297db575521a30c7268262cc2782..2f7fef12cf8d7cf25000cb91b7a2773e8e03acf5 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -228,11 +228,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		if (!BN_rand_range(&k, dsa->q)) goto err;
 	while (BN_is_zero(&k));
 
-	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
 		{
-		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-				dsa->p,ctx)) goto err;
+		if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+						CRYPTO_LOCK_DSA,
+						dsa->p, ctx))
+			goto err;
 		}
 
 	/* Compute r = (g^k mod p) mod q */
@@ -307,13 +308,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 	/* u2 = r * w mod q */
 	if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
 
-	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+
+	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
 		{
-		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-				dsa->p,ctx)) goto err;
+		mont = BN_MONT_CTX_set_locked(
+					(BN_MONT_CTX **)&dsa->method_mont_p,
+					CRYPTO_LOCK_DSA, dsa->p, ctx);
+		if (!mont)
+			goto err;
 		}
-	mont=(BN_MONT_CTX *)dsa->method_mont_p;
 
 
 	DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 6bf681f1f9b22760e240014c6ceffb509c4e1eec..738ea0be71c3f932f1cc5811dfac32b6fb52e805 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -97,40 +97,13 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
 	return(&rsa_pkcs1_eay_meth);
 	}
 
-/* Static helper to reduce oodles of code duplication. As a slight
- * optimisation, the "MONT_HELPER() macro must be used as front-end to this
- * function, to prevent unnecessary function calls - there is an initial test
- * that is performed by the macro-generated code. */
-static int rsa_eay_mont_helper(BN_MONT_CTX **ptr, const BIGNUM *modulus, BN_CTX *ctx)
-	{
-	BN_MONT_CTX *bn_mont_ctx;
-	if((bn_mont_ctx = BN_MONT_CTX_new()) == NULL)
-		return 0;
-	if(!BN_MONT_CTX_set(bn_mont_ctx, modulus, ctx))
-		{
-		BN_MONT_CTX_free(bn_mont_ctx);
-		return 0;
-		}
-	if (*ptr == NULL) /* other thread may have finished first */
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-		if (*ptr == NULL) /* check again in the lock to stop races */
-			{
-			*ptr = bn_mont_ctx;
-			bn_mont_ctx = NULL;
-			}
-		CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-		}
-	if (bn_mont_ctx)
-		BN_MONT_CTX_free(bn_mont_ctx);
-	return 1;
-	}
 /* Usage example;
  *    MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
  */
 #define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
 	if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
-			!rsa_eay_mont_helper(&((rsa)->_method_mod_##m), \
+			!BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
+				CRYPTO_LOCK_RSA, \
 				(rsa)->m, (ctx))) \
 		err_instr