generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Thread-safety fixes

Browse Source
This commit is contained in:
Bodo Möller 2006-06-14 08:50:11 +00:00
parent 6651ac386e
commit 019a63f9c9
7 changed files with 184 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -4,7 +4,9 @@
Changes between 0.9.7j and 0.9.7k [xx XXX xxxx]
*)
*) Fix RSA blinding Heisenbug (problems sometimes occured on
dual-core machines) and other potential thread-safety issues.
[Bodo Moeller]
Changes between 0.9.7i and 0.9.7j [04 May 2006]

2
LICENSE
View File

@ -12,7 +12,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

67
crypto/bn/bn_mont.c
View File

@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* Details about Montgomery multiplication algorithms can be found at
@ -355,15 +408,13 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
CRYPTO_w_lock(lock);
if (!*pmont)
{
*pmont = BN_MONT_CTX_new();
if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx))
{
BN_MONT_CTX_free(*pmont);
*pmont = NULL;
}
BN_MONT_CTX *mtmp;
mtmp = BN_MONT_CTX_new();
if (mtmp && !BN_MONT_CTX_set(mtmp, mod, ctx))
BN_MONT_CTX_free(mtmp);
else
*pmont = mtmp;
}
CRYPTO_w_unlock(lock);
return *pmont;
}

15
crypto/err/err.c
View File

@ -549,9 +549,20 @@ static void build_SYS_str_reasons()
int i;
static int init = 1;
if (!init) return;
CRYPTO_r_lock(CRYPTO_LOCK_ERR);
if (!init)
{
CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
return;
}
CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
if (!init)
{
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
return;
}
for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
{

53
crypto/rsa/rsa_eay.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -228,25 +228,40 @@ err:
return(r);
}
static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
static int blinding_helper(RSA *rsa, BN_CTX *ctx)
{
int ret = 1;
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
/* Check again inside the lock - the macro's check is racey */
if(rsa->blinding == NULL)
ret = RSA_blinding_on(rsa, ctx);
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
int ret = 0;
int got_write_lock = 0;
CRYPTO_r_lock(CRYPTO_LOCK_RSA);
if (rsa->flags & RSA_FLAG_NO_BLINDING)
ret = 1;
else
{
if (rsa->blinding != NULL)
ret = 1;
else
{
CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
got_write_lock = 1;
if(rsa->blinding != NULL)
ret = 1;
else
ret = RSA_blinding_on(rsa, ctx);
}
}
if (got_write_lock)
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
else
CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
return ret;
}
#define BLINDING_HELPER(rsa, ctx, err_instr) \
do { \
if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
((rsa)->blinding == NULL) && \
!rsa_eay_blinding(rsa, ctx)) \
err_instr \
} while(0)
static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
{
BIGNUM *A, *Ai;
@ -327,7 +342,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
goto err;
}
BLINDING_HELPER(rsa, ctx, goto err;);
if (!blinding_helper(rsa, ctx))
goto err;
blinding = rsa->blinding;
/* Now unless blinding is disabled, 'blinding' is non-NULL.
@ -463,7 +479,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto err;
}
BLINDING_HELPER(rsa, ctx, goto err;);
if (!blinding_helper(rsa, ctx))
goto err;
blinding = rsa->blinding;
/* Now unless blinding is disabled, 'blinding' is non-NULL.

28
ssl/ssl_cert.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -73,12 +73,12 @@
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
@ -87,7 +87,7 @@
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -102,6 +102,11 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
@ -135,21 +140,28 @@
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
{
static volatile int ssl_x509_store_ctx_idx= -1;
int got_write_lock = 0;
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
if (ssl_x509_store_ctx_idx < 0)
{
/* any write lock will do; usually this branch
* will only be taken once anyway */
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
got_write_lock = 1;
if (ssl_x509_store_ctx_idx < 0)
{
ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
0,"SSL for verify callback",NULL,NULL,NULL);
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
}
if (got_write_lock)
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
else
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
return ssl_x509_store_ctx_idx;
}

53
ssl/ssl_ciph.c
View File

@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/objects.h>