Obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX

structures and setting rsa->_method_mod_{n,p,q}.

Submitted by: "Reddie, Steven" <Steven.Reddie@ca.com>

CHANGES

@@ -9,6 +9,15 @@
      when writing a 32767 byte record.
      [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
 
+  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+     obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX
+     structures and setting rsa->_method_mod_{n,p,q}.
+
+     (RSA objects have a reference count access to which is protected
+     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+     so they are meant to be shared between threads.)
+     [patch submitted by "Reddie, Steven" <Steven.Reddie@ca.com>]
+
   *) rand_win.c fix for Borland C.
      [Ulf M<>ller]
  

crypto/rsa/rsa_eay.c

@@ -138,9 +138,24 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
 	
 	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
 		{
-		if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
+		CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-			if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
+		if (rsa->_method_mod_n == NULL)
-			    goto err;
+			{
+			BN_MONT_CTX* bn_mont_ctx;
+			if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+				{
+				CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+				goto err;
+				}
+			if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
+				{
+				BN_MONT_CTX_free(bn_mont_ctx);
+				CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+				goto err;
+				}
+			rsa->_method_mod_n = bn_mont_ctx;
+			}
+		CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
 		}
 
 	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
@@ -369,9 +384,24 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
 	/* do the decrypt */
 	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
 		{
-		if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
+		CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-			if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
+		if (rsa->_method_mod_n == NULL)
-			    goto err;
+			{
+			BN_MONT_CTX* bn_mont_ctx;
+			if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+				{
+				CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+				goto err;
+				}
+			if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
+				{
+				BN_MONT_CTX_free(bn_mont_ctx);
+				CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+				goto err;
+				}
+			rsa->_method_mod_n = bn_mont_ctx;
+			}
+		CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
 		}
 
 	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
@@ -421,17 +451,45 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 		{
 		if (rsa->_method_mod_p == NULL)
 			{
-			if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL)
+			CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-				if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p,
+			if (rsa->_method_mod_p == NULL)
-						     ctx))
+				{
+				BN_MONT_CTX* bn_mont_ctx;
+				if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+					{
+					CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
 					goto err;
+					}
+				if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
+					{
+					BN_MONT_CTX_free(bn_mont_ctx);
+					CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+					goto err;
+					}
+				rsa->_method_mod_p = bn_mont_ctx;
+				}
+				CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
 			}
 		if (rsa->_method_mod_q == NULL)
 			{
-			if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL)
+			CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-				if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q,
+			if (rsa->_method_mod_q == NULL)
-						     ctx))
+				{
+				BN_MONT_CTX* bn_mont_ctx;
+				if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+					{
+					CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
 					goto err;
+					}
+				if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
+					{
+					BN_MONT_CTX_free(bn_mont_ctx);
+					CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+					goto err;
+					}
+				rsa->_method_mod_q = bn_mont_ctx;
+				}
+			CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
 			}
 		}