From 6ec8e63af6c1835a8b222350dbabf7bb2ace094f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 26 Apr 2005 23:58:54 +0000 Subject: [PATCH] Port BN_MONT_CTX_set_locked() from stable branch. The function rsa_eay_mont_helper() has been removed because it is no longer needed after this change. --- CHANGES | 5 +++++ ChangeLog.0_9_7-stable_not-in-head | 28 --------------------------- crypto/bn/bn.h | 2 ++ crypto/bn/bn_mont.c | 18 +++++++++++++++++ crypto/dh/dh_key.c | 24 +++++++++++++---------- crypto/dsa/dsa_ossl.c | 21 +++++++++++--------- crypto/rsa/rsa_eay.c | 31 ++---------------------------- 7 files changed, 53 insertions(+), 76 deletions(-) diff --git a/CHANGES b/CHANGES index 90b64f4e46..103a74cdce 100644 --- a/CHANGES +++ b/CHANGES @@ -794,6 +794,11 @@ Changes between 0.9.7g and 0.9.7h [XX xxx XXXX] + *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in + a threadsafe manner. Modify rsa code to use new function and add calls + to dsa and dh code (which had race conditions before). + [Steve Henson] + *) Include the fixed error library code in the C error file definitions instead of fixing them up at runtime. This keeps the error code structures constant. diff --git a/ChangeLog.0_9_7-stable_not-in-head b/ChangeLog.0_9_7-stable_not-in-head index 3796e1978b..943c8ff05f 100644 --- a/ChangeLog.0_9_7-stable_not-in-head +++ b/ChangeLog.0_9_7-stable_not-in-head 
@@ -837,31 +837,3 @@ be added to the end of this file. Enable shared link on HP-UX. -2005-04-22 07:17 steve - - Changed: - CHANGES (1.977.2.156), "Exp", lines: +5 -0 - crypto/bn/bn.h (1.66.2.4), "Exp", lines: +2 -0 - crypto/bn/bn_mont.c (1.30.2.3), "Exp", lines: +20 -0 - crypto/dh/dh_key.c (1.16.2.4), "Exp", lines: +14 -10 - crypto/dsa/dsa_ossl.c (1.12.2.7), "Exp", lines: +12 -9 - crypto/rsa/rsa_eay.c (1.28.2.10), "Exp", lines: +16 -90 - fips/fipshashes.c (1.1.2.5), "Exp", lines: +3 -3 - fips/dh/fips_dh_key.c (1.1.2.4), "Exp", lines: +13 -10 - fips/dsa/fips_dsa_ossl.c (1.1.2.8), "Exp", lines: +12 -9 - fips/rsa/fips_rsa_eay.c (1.1.4.5), "Exp", lines: +17 -90 - - New function BN_MONT_CTX_set_locked, to set montgomery parameters - in a threadsafe manner. - - Modify or add calls to use it in rsa, dsa and dh - algorithms. - -2005-04-23 06:46 nils - - Changed: - crypto/dsa/dsa_ossl.c (1.12.2.8), "Exp", lines: +1 -1 - crypto/rsa/rsa_eay.c (1.28.2.11), "Exp", lines: +4 -4 - - fix typo - diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 1c75fd0719..d118fc6a80 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -510,6 +510,8 @@ int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, void BN_MONT_CTX_free(BN_MONT_CTX *mont); int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx); BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx); /* BN_BLINDING flags */ #define BN_BLINDING_NO_UPDATE 0x00000001 diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 61416483cb..6bcc9ad2e7 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c 
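Review bot: The new BN_MONT_CTX_set_locked() prototype in crypto/bn/bn.h is added to the public header without a comment, and neither the meaning of `int lock` nor the ownership of the returned pointer is evident from the signature. A short comment above it would cover both, for example `/* Lazily creates *pmont for mod while holding CRYPTO lock 'lock'; returns *pmont, which stays owned by the structure holding it, or NULL on error. */`.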
@@ -350,3 +350,21 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) return(to); } +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx) + { + if (*pmont) + return *pmont; + CRYPTO_w_lock(lock); + if (!*pmont) + { + *pmont = BN_MONT_CTX_new(); + if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx)) + { + BN_MONT_CTX_free(*pmont); + *pmont = NULL; + } + } + CRYPTO_w_unlock(lock); + return *pmont; + } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index ad026cb861..1439a7a9e9 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -127,13 +127,15 @@ static int generate_key(DH *dh) else pub_key=dh->pub_key; - if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) + + if (dh->flags & DH_FLAG_CACHE_MONT_P) { - if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, - dh->p,ctx)) goto err; + mont = BN_MONT_CTX_set_locked( + (BN_MONT_CTX **)&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + if (!mont) + goto err; } - mont=(BN_MONT_CTX *)dh->method_mont_p; if (generate_new_key) { @@ -173,14 +175,16 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); goto err; } - if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) + + if (dh->flags & DH_FLAG_CACHE_MONT_P) { - if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, - dh->p,ctx)) goto err; + mont = BN_MONT_CTX_set_locked( + (BN_MONT_CTX **)&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + if (!mont) + goto err; } - mont=(BN_MONT_CTX *)dh->method_mont_p; if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) { DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 033bf9017f..2f7fef12cf 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c 
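Review bot: BN_MONT_CTX_set_locked() publishes the shared pointer before the context is usable: `*pmont = BN_MONT_CTX_new();` stores into the cache first and `BN_MONT_CTX_set()` runs afterwards, while the fast path `if (*pmont) return *pmont;` reads that pointer without taking the lock. A second thread can therefore be handed a context whose Montgomery parameters are not yet set, or, on the failure branch, one that is about to be freed and reset to NULL. The rsa_eay_mont_helper() that this patch removes from crypto/rsa/rsa_eay.c built the context in a local and stored it only under the lock; keeping that order here closes the window. The unlocked first read remains a double-checked pattern with no memory barrier, so it still assumes pointer loads and stores are atomic and ordered on the target platform.

```c
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
					const BIGNUM *mod, BN_CTX *ctx)
	{
	BN_MONT_CTX *ret;

	if (*pmont)
		return *pmont;
	/* Build privately so no other thread can observe a half-set context. */
	if ((ret = BN_MONT_CTX_new()) == NULL)
		return NULL;
	if (!BN_MONT_CTX_set(ret, mod, ctx))
		{
		BN_MONT_CTX_free(ret);
		return NULL;
		}
	CRYPTO_w_lock(lock);
	if (*pmont == NULL)
		{
		*pmont = ret;	/* publish only the finished context */
		ret = NULL;
		}
	CRYPTO_w_unlock(lock);
	if (ret)
		BN_MONT_CTX_free(ret);	/* another thread stored its context first */
	return *pmont;
	}
```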
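Review bot: In crypto/dh/dh_key.c `mont` is now assigned only inside `if (dh->flags & DH_FLAG_CACHE_MONT_P)`, whereas the removed `mont=(BN_MONT_CTX *)dh->method_mont_p;` set it on every path. With the flag clear, compute_key() passes whatever `mont` held at declaration to `dh->meth->bn_mod_exp(...)`, and generate_key() presumably does the same further down. The declarations are outside both hunks; if they are not already `BN_MONT_CTX *mont = NULL;` they need to be. The same applies to `mont` in dsa_do_verify() in crypto/dsa/dsa_ossl.c, which feeds `DSA_MOD_EXP(...)`.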
@@ -228,11 +228,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) if (!BN_rand_range(&k, dsa->q)) goto err; while (BN_is_zero(&k)); - if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, - dsa->p,ctx)) goto err; + if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, + CRYPTO_LOCK_DSA, + dsa->p, ctx)) + goto err; } /* Compute r = (g^k mod p) mod q */ @@ -307,13 +308,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, /* u2 = r * w mod q */ if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; - if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) + + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, - dsa->p,ctx)) goto err; + mont = BN_MONT_CTX_set_locked( + (BN_MONT_CTX **)&dsa->method_mont_p, + CRYPTO_LOCK_DSA, dsa->p, ctx); + if (!mont) + goto err; } - mont=(BN_MONT_CTX *)dsa->method_mont_p; DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 6bf681f1f9..738ea0be71 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c 
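Review bot: The `(BN_MONT_CTX **)&dsa->method_mont_p` cast in dsa_sign_setup() and dsa_do_verify() passes BN_MONT_CTX_set_locked() the address of a field that the removed lines assign through `(char *)`, so it appears to be declared `char *`; the `&dh->method_mont_p` casts in crypto/dh/dh_key.c have the same shape. Reading and writing a `char *` object through a `BN_MONT_CTX *` lvalue is outside what the aliasing rules permit, and the cast would also hide a diagnostic if the field type ever changed. Declaring the field as `BN_MONT_CTX *method_mont_p;` would let the calls drop the cast; the struct definitions are not part of this patch, so this is a follow-up rather than a change to these hunks.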
@@ -97,40 +97,13 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) return(&rsa_pkcs1_eay_meth); } -/* Static helper to reduce oodles of code duplication. As a slight - * optimisation, the "MONT_HELPER() macro must be used as front-end to this - * function, to prevent unnecessary function calls - there is an initial test - * that is performed by the macro-generated code. */ -static int rsa_eay_mont_helper(BN_MONT_CTX **ptr, const BIGNUM *modulus, BN_CTX *ctx) - { - BN_MONT_CTX *bn_mont_ctx; - if((bn_mont_ctx = BN_MONT_CTX_new()) == NULL) - return 0; - if(!BN_MONT_CTX_set(bn_mont_ctx, modulus, ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - return 0; - } - if (*ptr == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (*ptr == NULL) /* check again in the lock to stop races */ - { - *ptr = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - return 1; - } /* Usage example; * MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); */ #define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \ if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ - !rsa_eay_mont_helper(&((rsa)->_method_mod_##m), \ + !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \ + CRYPTO_LOCK_RSA, \ (rsa)->m, (ctx))) \ err_instr -- GitLab