[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Tue Mar 8 14:07:39 UTC 2016
The branch master has been updated
via f75200115d1a778c39c8a8850823928d8be1f8ac (commit)
via c74471d293c3fef2d3d1cc3eb20e092f167ccdf9 (commit)
via d188a53617de68a707fe9459d4f4245d9a57cd9c (commit)
via f989cd8c0bb3c579d112294bf8e304647b334ee8 (commit)
from 8f675b6e98087d5be05cc3ceb9af97cae18bd3e5 (commit)
- Log -----------------------------------------------------------------
commit f75200115d1a778c39c8a8850823928d8be1f8ac
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Sat Mar 5 21:54:02 2016 +0000
Convert CRYPTO_LOCK_EX_DATA to new multi-threading API
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit c74471d293c3fef2d3d1cc3eb20e092f167ccdf9
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Fri Mar 4 16:04:37 2016 +0000
Convert CRYPTO_LOCK_DSO to new multi-threading API
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit d188a53617de68a707fe9459d4f4245d9a57cd9c
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Fri Mar 4 15:43:46 2016 +0000
Convert CRYPTO_LOCK_{DH,DSA,RSA} to new multi-threading API
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit f989cd8c0bb3c579d112294bf8e304647b334ee8
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Fri Mar 4 15:24:26 2016 +0000
Convert CRYPTO_LOCK_GET*BYNAME to new multi-threading API
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/bio/b_addr.c | 17 +++++++++++++----
crypto/bn/bn_mont.c | 10 +++++-----
crypto/dh/dh_key.c | 4 ++--
crypto/dh/dh_lib.c | 25 ++++++++++++++++++++-----
crypto/dsa/dsa_lib.c | 23 ++++++++++++++++++-----
crypto/dsa/dsa_ossl.c | 4 ++--
crypto/dso/dso_lib.c | 37 +++++++++++++++++++++++++++----------
crypto/ex_data.c | 27 ++++++++++++++++++++-------
crypto/rsa/rsa_lib.c | 22 +++++++++++++++++-----
crypto/rsa/rsa_ossl.c | 38 +++++++++++---------------------------
include/openssl/bn.h | 2 +-
include/openssl/crypto.h | 7 -------
include/openssl/dh.h | 1 +
include/openssl/dsa.h | 1 +
include/openssl/dso.h | 1 +
include/openssl/rsa.h | 1 +
16 files changed, 140 insertions(+), 80 deletions(-)
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 6125e86..0a6c5e9 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -55,12 +55,16 @@
#include <string.h>
#include "bio_lcl.h"
+#include "internal/threads.h"
#ifndef OPENSSL_NO_SOCK
#include <openssl/err.h>
#include <openssl/buffer.h>
#include <ctype.h>
+static CRYPTO_RWLOCK *bio_lookup_lock;
+static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT;
+
/*
* Throughout this file and bio_lcl.h, the existence of the macro
* AI_PASSIVE is used to detect the availability of struct addrinfo,
@@ -623,6 +627,11 @@ static int addrinfo_wrap(int family, int socktype,
return 1;
}
+static void do_bio_lookup_init(void)
+{
+ bio_lookup_lock = CRYPTO_THREAD_lock_new();
+}
+
/*-
* BIO_lookup - look up the node and service you want to connect to.
* @node: the node you want to connect to.
@@ -735,8 +744,9 @@ int BIO_lookup(const char *host, const char *service,
#endif
char *proto = NULL;
- CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
- CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
+ CRYPTO_THREAD_run_once(&bio_lookup_init, do_bio_lookup_init);
+
+ CRYPTO_THREAD_write_lock(bio_lookup_lock);
he_fallback_address = INADDR_ANY;
if (host == NULL) {
he = &he_fallback;
@@ -838,8 +848,7 @@ int BIO_lookup(const char *host, const char *service,
ret = 1;
}
err:
- CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
- CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+ CRYPTO_THREAD_unlock(bio_lookup_lock);
}
return ret;
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index e0a9a09..dfa395a 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -496,14 +496,14 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
return (to);
}
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
const BIGNUM *mod, BN_CTX *ctx)
{
BN_MONT_CTX *ret;
- CRYPTO_r_lock(lock);
+ CRYPTO_THREAD_read_lock(lock);
ret = *pmont;
- CRYPTO_r_unlock(lock);
+ CRYPTO_THREAD_unlock(lock);
if (ret)
return ret;
@@ -524,12 +524,12 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
}
/* The locked compare-and-set, after the local work is done. */
- CRYPTO_w_lock(lock);
+ CRYPTO_THREAD_write_lock(lock);
if (*pmont) {
BN_MONT_CTX_free(ret);
ret = *pmont;
} else
*pmont = ret;
- CRYPTO_w_unlock(lock);
+ CRYPTO_THREAD_unlock(lock);
return ret;
}
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 5ee38e3..558ec8c 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -140,7 +140,7 @@ static int generate_key(DH *dh)
if (dh->flags & DH_FLAG_CACHE_MONT_P) {
mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
+ dh->lock, dh->p, ctx);
if (!mont)
goto err;
}
@@ -222,7 +222,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
if (dh->flags & DH_FLAG_CACHE_MONT_P) {
mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
+ dh->lock, dh->p, ctx);
if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
/* XXX */
BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 58280d8..d7aed6a 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -108,7 +108,7 @@ DH *DH_new_method(ENGINE *engine)
if (ret == NULL) {
DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
ret->meth = DH_get_default_method();
@@ -135,16 +135,25 @@ DH *DH_new_method(ENGINE *engine)
ret->references = 1;
ret->flags = ret->meth->flags;
+
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ret->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
OPENSSL_free(ret);
+ return NULL;
+ }
+
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+ DH_free(ret);
ret = NULL;
}
- return (ret);
+
+ return ret;
}
void DH_free(DH *r)
@@ -153,7 +162,8 @@ void DH_free(DH *r)
if (r == NULL)
return;
- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
+
+ CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
REF_PRINT_COUNT("DH", r);
if (i > 0)
return;
@@ -167,6 +177,8 @@ void DH_free(DH *r)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+ CRYPTO_THREAD_lock_free(r->lock);
+
BN_clear_free(r->p);
BN_clear_free(r->g);
BN_clear_free(r->q);
@@ -180,7 +192,10 @@ void DH_free(DH *r)
int DH_up_ref(DH *r)
{
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
+ int i;
+
+ if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+ return 0;
REF_PRINT_COUNT("DH", r);
REF_ASSERT_ISNT(i < 2);
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index f7795b2..3b99b3c 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -115,7 +115,7 @@ DSA *DSA_new_method(ENGINE *engine)
ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
ret->meth = DSA_get_default_method();
#ifndef OPENSSL_NO_ENGINE
@@ -141,17 +141,25 @@ DSA *DSA_new_method(ENGINE *engine)
ret->references = 1;
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
+
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ret->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
OPENSSL_free(ret);
+ return NULL;
+ }
+
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+ DSA_free(ret);
ret = NULL;
}
- return (ret);
+ return ret;
}
void DSA_free(DSA *r)
@@ -161,7 +169,7 @@ void DSA_free(DSA *r)
if (r == NULL)
return;
- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA);
+ CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
REF_PRINT_COUNT("DSA", r);
if (i > 0)
return;
@@ -175,6 +183,8 @@ void DSA_free(DSA *r)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
+ CRYPTO_THREAD_lock_free(r->lock);
+
BN_clear_free(r->p);
BN_clear_free(r->q);
BN_clear_free(r->g);
@@ -185,7 +195,10 @@ void DSA_free(DSA *r)
int DSA_up_ref(DSA *r)
{
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
+ int i;
+
+ if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+ return 0;
REF_PRINT_COUNT("DSA", r);
REF_ASSERT_ISNT(i < 2);
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 0874e89..f8b4647 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -265,7 +265,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
- CRYPTO_LOCK_DSA, dsa->p, ctx))
+ dsa->lock, dsa->p, ctx))
goto err;
}
@@ -388,7 +388,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
- CRYPTO_LOCK_DSA, dsa->p, ctx);
+ dsa->lock, dsa->p, ctx);
if (!mont)
goto err;
}
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index c410eac..3082545 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -120,12 +120,20 @@ DSO *DSO_new_method(DSO_METHOD *meth)
else
ret->meth = meth;
ret->references = 1;
- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
sk_void_free(ret->meth_data);
OPENSSL_free(ret);
+ return NULL;
+ }
+
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+ DSO_free(ret);
ret = NULL;
}
- return (ret);
+
+ return ret;
}
int DSO_free(DSO *dso)
@@ -135,27 +143,30 @@ int DSO_free(DSO *dso)
if (dso == NULL)
return (1);
- i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO);
+ if (CRYPTO_atomic_add(&dso->references, -1, &i, dso->lock) <= 0)
+ return 0;
+
REF_PRINT_COUNT("DSO", dso);
if (i > 0)
- return (1);
+ return 1;
REF_ASSERT_ISNT(i < 0);
if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
- return (0);
+ return 0;
}
if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
- return (0);
+ return 0;
}
sk_void_free(dso->meth_data);
OPENSSL_free(dso->filename);
OPENSSL_free(dso->loaded_filename);
+ CRYPTO_THREAD_lock_free(dso->lock);
OPENSSL_free(dso);
- return (1);
+ return 1;
}
int DSO_flags(DSO *dso)
@@ -165,13 +176,19 @@ int DSO_flags(DSO *dso)
int DSO_up_ref(DSO *dso)
{
+ int i;
+
if (dso == NULL) {
DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
+ return 0;
}
- CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO);
- return (1);
+ if (CRYPTO_atomic_add(&dso->references, 1, &i, dso->lock) <= 0)
+ return 0;
+
+ REF_PRINT_COUNT("DSO", r);
+ REF_ASSERT_ISNT(i < 2);
+ return ((i > 1) ? 1 : 0);
}
DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index f19fa8e..de734d3 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -109,6 +109,7 @@
*/
#include "internal/cryptlib.h"
+#include "internal/threads.h"
#include <openssl/lhash.h>
/*
@@ -133,6 +134,16 @@ typedef struct ex_callbacks_st {
static EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT];
+static CRYPTO_RWLOCK *ex_data_lock;
+static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT;
+
+static void do_ex_data_init(void)
+{
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+ ex_data_lock = CRYPTO_THREAD_lock_new();
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+}
+
/*
* Return the EX_CALLBACKS from the |ex_data| array that corresponds to
* a given class. On success, *holds the lock.*
@@ -146,8 +157,10 @@ static EX_CALLBACKS *get_and_lock(int class_index)
return NULL;
}
+ CRYPTO_THREAD_run_once(&ex_data_init, do_ex_data_init);
+
ip = &ex_data[class_index];
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+ CRYPTO_THREAD_write_lock(ex_data_lock);
if (ip->meth == NULL) {
ip->meth = sk_EX_CALLBACK_new_null();
/* We push an initial value on the stack because the SSL
@@ -155,7 +168,7 @@ static EX_CALLBACKS *get_and_lock(int class_index)
if (ip->meth == NULL
|| !sk_EX_CALLBACK_push(ip->meth, NULL)) {
CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_MALLOC_FAILURE);
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ CRYPTO_THREAD_unlock(ex_data_lock);
return NULL;
}
}
@@ -225,7 +238,7 @@ int CRYPTO_free_ex_index(int class_index, int idx)
a->free_func = dummy_free;
toret = 1;
err:
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ CRYPTO_THREAD_unlock(ex_data_lock);
return toret;
}
@@ -262,7 +275,7 @@ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
(void)sk_EX_CALLBACK_set(ip->meth, toret, a);
err:
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ CRYPTO_THREAD_unlock(ex_data_lock);
return toret;
}
@@ -296,7 +309,7 @@ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
for (i = 0; i < mx; i++)
storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
}
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ CRYPTO_THREAD_unlock(ex_data_lock);
if (mx > 0 && storage == NULL) {
CRYPTOerr(CRYPTO_F_CRYPTO_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
@@ -346,7 +359,7 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
for (i = 0; i < mx; i++)
storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
}
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ CRYPTO_THREAD_unlock(ex_data_lock);
if (mx > 0 && storage == NULL) {
CRYPTOerr(CRYPTO_F_CRYPTO_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
@@ -391,7 +404,7 @@ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
for (i = 0; i < mx; i++)
storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
}
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ CRYPTO_THREAD_unlock(ex_data_lock);
if (mx > 0 && storage == NULL) {
CRYPTOerr(CRYPTO_F_CRYPTO_FREE_EX_DATA, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 8b50157..9cc8814 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -157,18 +157,25 @@ RSA *RSA_new_method(ENGINE *engine)
ENGINE_finish(ret->engine);
#endif
OPENSSL_free(ret);
- return (NULL);
+ return NULL;
}
- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ret->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
OPENSSL_free(ret);
+ return NULL;
+ }
+
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+ RSA_free(ret);
ret = NULL;
}
- return (ret);
+
+ return ret;
}
void RSA_free(RSA *r)
@@ -178,7 +185,7 @@ void RSA_free(RSA *r)
if (r == NULL)
return;
- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA);
+ CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
REF_PRINT_COUNT("RSA", r);
if (i > 0)
return;
@@ -192,6 +199,8 @@ void RSA_free(RSA *r)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+ CRYPTO_THREAD_lock_free(r->lock);
+
BN_clear_free(r->n);
BN_clear_free(r->e);
BN_clear_free(r->d);
@@ -208,7 +217,10 @@ void RSA_free(RSA *r)
int RSA_up_ref(RSA *r)
{
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+ int i;
+
+ if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+ return 0;
REF_PRINT_COUNT("RSA", r);
REF_ASSERT_ISNT(i < 2);
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index b6b7dac..925cf65 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -220,7 +220,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
goto err;
if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
@@ -248,18 +248,12 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
{
BN_BLINDING *ret;
- int got_write_lock = 0;
CRYPTO_THREADID cur;
- CRYPTO_r_lock(CRYPTO_LOCK_RSA);
+ CRYPTO_THREAD_write_lock(rsa->lock);
if (rsa->blinding == NULL) {
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- got_write_lock = 1;
-
- if (rsa->blinding == NULL)
- rsa->blinding = RSA_setup_blinding(rsa, ctx);
+ rsa->blinding = RSA_setup_blinding(rsa, ctx);
}
ret = rsa->blinding;
@@ -282,23 +276,13 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
*local = 0;
if (rsa->mt_blinding == NULL) {
- if (!got_write_lock) {
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- got_write_lock = 1;
- }
-
- if (rsa->mt_blinding == NULL)
- rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
+ rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
}
ret = rsa->mt_blinding;
}
err:
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ CRYPTO_THREAD_unlock(rsa->lock);
return ret;
}
@@ -432,7 +416,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) {
+ (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
BN_free(local_d);
goto err;
}
@@ -566,7 +550,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) {
+ (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
BN_free(local_d);
goto err;
}
@@ -674,7 +658,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
goto err;
if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
@@ -751,9 +735,9 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)
+ (&rsa->_method_mod_p, rsa->lock, p, ctx)
|| !BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
- CRYPTO_LOCK_RSA, q, ctx)) {
+ rsa->lock, q, ctx)) {
BN_free(local_p);
BN_free(local_q);
goto err;
@@ -769,7 +753,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
goto err;
/* compute I mod q */
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 9807b2c..db01b7e 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -416,7 +416,7 @@ int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
const BIGNUM *mod, BN_CTX *ctx);
/* BN_BLINDING flags */
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index bcc5aee..0f09197 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -166,14 +166,11 @@ extern "C" {
*/
# define CRYPTO_LOCK_ERR 1
-# define CRYPTO_LOCK_EX_DATA 2
# define CRYPTO_LOCK_X509 3
# define CRYPTO_LOCK_X509_INFO 4
# define CRYPTO_LOCK_X509_PKEY 5
# define CRYPTO_LOCK_X509_CRL 6
# define CRYPTO_LOCK_X509_REQ 7
-# define CRYPTO_LOCK_DSA 8
-# define CRYPTO_LOCK_RSA 9
# define CRYPTO_LOCK_EVP_PKEY 10
# define CRYPTO_LOCK_X509_STORE 11
# define CRYPTO_LOCK_SSL_CTX 12
@@ -186,13 +183,9 @@ extern "C" {
# define CRYPTO_LOCK_RAND2 19
# define CRYPTO_LOCK_MALLOC 20
# define CRYPTO_LOCK_BIO 21
-# define CRYPTO_LOCK_GETHOSTBYNAME 22
-# define CRYPTO_LOCK_GETSERVBYNAME 23
# define CRYPTO_LOCK_READDIR 24
# define CRYPTO_LOCK_RSA_BLINDING 25
-# define CRYPTO_LOCK_DH 26
# define CRYPTO_LOCK_MALLOC2 27
-# define CRYPTO_LOCK_DSO 28
# define CRYPTO_LOCK_DYNLOCK 29
# define CRYPTO_LOCK_ENGINE 30
# define CRYPTO_LOCK_UI 31
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 74bc989..50f8e51 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -156,6 +156,7 @@ struct dh_st {
CRYPTO_EX_DATA ex_data;
const DH_METHOD *meth;
ENGINE *engine;
+ CRYPTO_RWLOCK *lock;
};
# define DH_GENERATOR_2 2
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index a338eae..f10e1c2 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -172,6 +172,7 @@ struct dsa_st {
const DSA_METHOD *meth;
/* functional reference if 'meth' is ENGINE-provided */
ENGINE *engine;
+ CRYPTO_RWLOCK *lock;
};
# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
diff --git a/include/openssl/dso.h b/include/openssl/dso.h
index c122997..1eadbd9 100644
--- a/include/openssl/dso.h
+++ b/include/openssl/dso.h
@@ -228,6 +228,7 @@ struct dso_st {
* loaded.
*/
char *loaded_filename;
+ CRYPTO_RWLOCK *lock;
};
DSO *DSO_new(void);
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 4f6d44f..adad0f1 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -158,6 +158,7 @@ struct rsa_st {
char *bignum_data;
BN_BLINDING *blinding;
BN_BLINDING *mt_blinding;
+ CRYPTO_RWLOCK *lock;
};
# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
More information about the openssl-commits
mailing list