From 226d4252fa8a9f14200366f16956cf3f39000f7c Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Wed, 9 Aug 2023 12:09:06 +0000
Subject: [PATCH] Rework BN_BLINDING to use pthread_t directly

Instead of CRYPTO_THREADID, which passes pthread_via through unsigned long,
we can use pthread_self() and pthread_equal() directly. This commit keeps
using the awkward 'local' nomenclature as that is used throughout the rsa
code. This will be changed after the blinding code will have been fully
merged into rsa_blinding.c.

ok jsing
---
 lib/libcrypto/rsa/rsa_blinding.c | 14 +++++++-------
 lib/libcrypto/rsa/rsa_eay.c      | 28 +++++++++-------------------
 lib/libcrypto/rsa/rsa_local.h    |  4 ++--
 3 files changed, 18 insertions(+), 28 deletions(-)

diff --git a/lib/libcrypto/rsa/rsa_blinding.c b/lib/libcrypto/rsa/rsa_blinding.c
index e6fd67242d6..cac5bd91d28 100644
--- a/lib/libcrypto/rsa/rsa_blinding.c
+++ b/lib/libcrypto/rsa/rsa_blinding.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_blinding.c,v 1.2 2023/08/09 09:26:43 tb Exp $ */
+/* $OpenBSD: rsa_blinding.c,v 1.3 2023/08/09 12:09:06 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -109,6 +109,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <pthread.h>
 #include <stdio.h>
 
 #include <openssl/opensslconf.h>
@@ -126,7 +127,7 @@ struct bn_blinding_st {
 	BIGNUM *Ai;
 	BIGNUM *e;
 	BIGNUM *mod;
-	CRYPTO_THREADID tid;
+	pthread_t tid;
 	int counter;
 	BN_MONT_CTX *m_ctx;
 	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -157,7 +158,7 @@ BN_BLINDING_new(const BIGNUM *e, const BIGNUM *mod, BN_CTX *ctx,
 
 	/* Update on first use. */
 	ret->counter = BN_BLINDING_COUNTER - 1;
-	CRYPTO_THREADID_current(&ret->tid);
+	ret->tid = pthread_self();
 
 	if (bn_mod_exp != NULL)
 		ret->bn_mod_exp = bn_mod_exp;
@@ -254,10 +255,10 @@ BN_BLINDING_invert(BIGNUM *n, const BIGNUM *inv, BN_BLINDING *b, BN_CTX *ctx)
 	return BN_mod_mul(n, n, inv, b->mod, ctx);
 }
 
-CRYPTO_THREADID *
-BN_BLINDING_thread_id(BN_BLINDING *b)
+int
+BN_BLINDING_is_local(BN_BLINDING *b)
 {
-	return &b->tid;
+	return pthread_equal(pthread_self(), b->tid) != 0;
 }
 
 static BIGNUM *
@@ -320,7 +321,6 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
 		RSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
-	CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
 
  err:
 	BN_CTX_end(ctx);
diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c
index 35b32f6d02c..c2e1e22f9aa 100644
--- a/lib/libcrypto/rsa/rsa_eay.c
+++ b/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_eay.c,v 1.64 2023/08/09 09:32:23 tb Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.65 2023/08/09 12:09:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -222,7 +222,6 @@ rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
 {
 	BN_BLINDING *ret;
 	int got_write_lock = 0;
-	CRYPTO_THREADID cur;
 
 	CRYPTO_r_lock(CRYPTO_LOCK_RSA);
 
@@ -235,24 +234,14 @@ rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
 			rsa->blinding = RSA_setup_blinding(rsa, ctx);
 	}
 
-	ret = rsa->blinding;
-	if (ret == NULL)
+	if ((ret = rsa->blinding) == NULL)
 		goto err;
 
-	CRYPTO_THREADID_current(&cur);
-	if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) {
-		/* rsa->blinding is ours! */
-		*local = 1;
-	} else {
-		/* resort to rsa->mt_blinding instead */
-		/*
-		 * Instruct rsa_blinding_convert(), rsa_blinding_invert()
-		 * that the BN_BLINDING is shared, meaning that accesses
-		 * require locks, and that the blinding factor must be
-		 * stored outside the BN_BLINDING
-		 */
-		*local = 0;
-
+	/*
+	 * We need a shared blinding. Accesses require locks and a copy of the
+	 * blinding factor needs to be retained on use.
+	 */
+	if ((*local = BN_BLINDING_is_local(ret)) == 0) {
 		if (rsa->mt_blinding == NULL) {
 			if (!got_write_lock) {
 				CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
@@ -266,11 +255,12 @@ rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
 		ret = rsa->mt_blinding;
 	}
 
-err:
+ err:
 	if (got_write_lock)
 		CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
 	else
 		CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+
 	return ret;
 }
 
diff --git a/lib/libcrypto/rsa/rsa_local.h b/lib/libcrypto/rsa/rsa_local.h
index 30d18bfa926..51ed925908a 100644
--- a/lib/libcrypto/rsa/rsa_local.h
+++ b/lib/libcrypto/rsa/rsa_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_local.h,v 1.5 2023/08/09 09:23:03 tb Exp $ */
+/* $OpenBSD: rsa_local.h,v 1.6 2023/08/09 12:09:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -159,7 +159,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *e, const BIGNUM *mod, BN_CTX *ctx,
 void BN_BLINDING_free(BN_BLINDING *b);
 int BN_BLINDING_convert(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
 int BN_BLINDING_invert(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
+int BN_BLINDING_is_local(BN_BLINDING *b);
 BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
 
 __END_HIDDEN_DECLS
-- 
2.20.1