diff --git a/CHANGES b/CHANGES index f47d6ed81..fdb213132 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,15 @@ when writing a 32767 byte record. [Bodo Moeller; problem reported by Eric Day ] + *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c), + obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX + structures and setting rsa->_method_mod_{n,p,q}. + + (RSA objects have a reference count access to which is protected + by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c], + so they are meant to be shared between threads.) + [patch submitted by "Reddie, Steven" ] + *) rand_win.c fix for Borland C. [Ulf Möller] diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 618b5bd59..58fe1dc39 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -138,9 +138,24 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from, if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { - if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) - goto err; + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (rsa->_method_mod_n == NULL) + { + BN_MONT_CTX* bn_mont_ctx; + if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) + { + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + goto err; + } + if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) + { + BN_MONT_CTX_free(bn_mont_ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + goto err; + } + rsa->_method_mod_n = bn_mont_ctx; + } + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); } if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, @@ -369,9 +384,24 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from, /* do the decrypt */ if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { - if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) - goto err; + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (rsa->_method_mod_n == NULL) + { + BN_MONT_CTX* bn_mont_ctx; + if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) + { + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + goto err; + } + if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) + { + BN_MONT_CTX_free(bn_mont_ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + goto err; + } + rsa->_method_mod_n = bn_mont_ctx; + } + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); } if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, @@ -421,17 +451,45 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) { if (rsa->_method_mod_p == NULL) { - if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p, - ctx)) + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (rsa->_method_mod_p == NULL) + { + BN_MONT_CTX* bn_mont_ctx; + if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) + { + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); goto err; + } + if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx)) + { + BN_MONT_CTX_free(bn_mont_ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + goto err; + } + rsa->_method_mod_p = bn_mont_ctx; + } + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); } if (rsa->_method_mod_q == NULL) { - if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q, - ctx)) + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (rsa->_method_mod_q == NULL) + { + BN_MONT_CTX* bn_mont_ctx; + if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) + { + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); goto err; + } + if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx)) + { + BN_MONT_CTX_free(bn_mont_ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + goto err; + } + rsa->_method_mod_q = bn_mont_ctx; + } + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); } }