Rework BN_BLINDING to use pthread_t directly

Instead of CRYPTO_THREADID, which passes pthread_via through unsigned long,
we can use pthread_self() and pthread_equal() directly. This commit keeps
using the awkward 'local' nomenclature as that is used throughout the rsa
code. This will be changed after the blinding code will have been fully
merged into rsa_blinding.c.

ok jsing

diff --git a/lib/libcrypto/rsa/rsa_blinding.c b/lib/libcrypto/rsa/rsa_blinding.c
index e6fd672..cac5bd9 100644 (file)
--- a/lib/libcrypto/rsa/rsa_blinding.c
+++ b/lib/libcrypto/rsa/rsa_blinding.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_blinding.c,v 1.2 2023/08/09 09:26:43 tb Exp $ */
+/* $OpenBSD: rsa_blinding.c,v 1.3 2023/08/09 12:09:06 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -109,6 +109,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <pthread.h>
 #include <stdio.h>
 
 #include <openssl/opensslconf.h>
@@ -126,7 +127,7 @@ struct bn_blinding_st {
        BIGNUM *Ai;
        BIGNUM *e;
        BIGNUM *mod;
-       CRYPTO_THREADID tid;
+       pthread_t tid;
        int counter;
        BN_MONT_CTX *m_ctx;
        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -157,7 +158,7 @@ BN_BLINDING_new(const BIGNUM *e, const BIGNUM *mod, BN_CTX *ctx,
 
        /* Update on first use. */
        ret->counter = BN_BLINDING_COUNTER - 1;
-       CRYPTO_THREADID_current(&ret->tid);
+       ret->tid = pthread_self();
 
        if (bn_mod_exp != NULL)
                ret->bn_mod_exp = bn_mod_exp;
@@ -254,10 +255,10 @@ BN_BLINDING_invert(BIGNUM *n, const BIGNUM *inv, BN_BLINDING *b, BN_CTX *ctx)
        return BN_mod_mul(n, n, inv, b->mod, ctx);
 }
 
-CRYPTO_THREADID *
-BN_BLINDING_thread_id(BN_BLINDING *b)
+int
+BN_BLINDING_is_local(BN_BLINDING *b)
 {
-       return &b->tid;
+       return pthread_equal(pthread_self(), b->tid) != 0;
 }
 
 static BIGNUM *
@@ -320,7 +321,6 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
                RSAerror(ERR_R_BN_LIB);
                goto err;
        }
-       CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
 
  err:
        BN_CTX_end(ctx);

diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c
index 35b32f6..c2e1e22 100644 (file)
--- a/lib/libcrypto/rsa/rsa_eay.c
+++ b/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_eay.c,v 1.64 2023/08/09 09:32:23 tb Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.65 2023/08/09 12:09:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -222,7 +222,6 @@ rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
 {
        BN_BLINDING *ret;
        int got_write_lock = 0;
-       CRYPTO_THREADID cur;
 
        CRYPTO_r_lock(CRYPTO_LOCK_RSA);
 
@@ -235,24 +234,14 @@ rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
                        rsa->blinding = RSA_setup_blinding(rsa, ctx);
        }
 
-       ret = rsa->blinding;
-       if (ret == NULL)
+       if ((ret = rsa->blinding) == NULL)
                goto err;
 
-       CRYPTO_THREADID_current(&cur);
-       if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) {
-               /* rsa->blinding is ours! */
-               *local = 1;
-       } else {
-               /* resort to rsa->mt_blinding instead */
-               /*
-                * Instruct rsa_blinding_convert(), rsa_blinding_invert()
-                * that the BN_BLINDING is shared, meaning that accesses
-                * require locks, and that the blinding factor must be
-                * stored outside the BN_BLINDING
-                */
-               *local = 0;
-
+       /*
+        * We need a shared blinding. Accesses require locks and a copy of the
+        * blinding factor needs to be retained on use.
+        */
+       if ((*local = BN_BLINDING_is_local(ret)) == 0) {
                if (rsa->mt_blinding == NULL) {
                        if (!got_write_lock) {
                                CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
@@ -266,11 +255,12 @@ rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
                ret = rsa->mt_blinding;
        }
 
-err:
+ err:
        if (got_write_lock)
                CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
        else
                CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+
        return ret;
 }
 

diff --git a/lib/libcrypto/rsa/rsa_local.h b/lib/libcrypto/rsa/rsa_local.h
index 30d18bf..51ed925 100644 (file)
--- a/lib/libcrypto/rsa/rsa_local.h
+++ b/lib/libcrypto/rsa/rsa_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_local.h,v 1.5 2023/08/09 09:23:03 tb Exp $ */
+/* $OpenBSD: rsa_local.h,v 1.6 2023/08/09 12:09:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -159,7 +159,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *e, const BIGNUM *mod, BN_CTX *ctx,
 void BN_BLINDING_free(BN_BLINDING *b);
 int BN_BLINDING_convert(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
 int BN_BLINDING_invert(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
+int BN_BLINDING_is_local(BN_BLINDING *b);
 BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
 
 __END_HIDDEN_DECLS