On Mon, 2003-02-03 at 19:06, Geoff Thorpe via RT wrote:
>
> As mentioned in ticket 489 (which is now closed), this ticket was not
> forgotten, it is waiting on the patch being submitted with a copy to the
> appropriate US agencies.
>
> For the patch itself, I'm not sure about the location (or necessity) of
> _method_mod_n initialisation you've inserted - but I'll wait for the
> resubmission before analysing this properly (could just be me being
> obtuse and scanning the diff too quickly ...)
>
> --
> Geoff Thorpe, RT/openssl.org
Attached is my patch to openssl 0.9.7. This message is CC'ed to the
appropriate US gov't parties.
Thanks!
-david
--- rsa_eay.c.orig 2003-01-20 19:16:46.000000000 -0800
+++ rsa_eay.c 2003-01-20 19:17:54.000000000 -0800
@@ -533,6 +533,31 @@
if (bn_mont_ctx)
BN_MONT_CTX_free(bn_mont_ctx);
}
+
+ if (rsa->_method_mod_n == NULL)
+ {
+ BN_MONT_CTX* bn_mont_ctx;
+ if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
+ {
+ BN_MONT_CTX_free(bn_mont_ctx);
+ goto err;
+ }
+ if (rsa->_method_mod_n == NULL) /* other thread may have
+finished first */
+ {
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ if (rsa->_method_mod_n == NULL)
+ {
+ rsa->_method_mod_n = bn_mont_ctx;
+ bn_mont_ctx = NULL;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ }
+ if (bn_mont_ctx)
+ BN_MONT_CTX_free(bn_mont_ctx);
+ }
+
}
if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
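Review bot: the middle test, `if (rsa->_method_mod_n == NULL) /* other thread may have finished first */`, is made without holding CRYPTO_LOCK_RSA and is repeated immediately inside the lock, so it adds an unsynchronised read of a shared pointer without changing the outcome. Suggest dropping it and keeping only the test between CRYPTO_w_lock and CRYPTO_w_unlock. The new block also sits before the closing brace of an enclosing block, so it only runs when that block is entered. That bears on the question raised above about the location of the _method_mod_n initialisation, and a short comment saying why it belongs here would help. The comment on that line has also been wrapped in transit, so `+finished first */` now reads as a separate added line and the hunk will not apply as sent.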
@@ -565,7 +590,7 @@
if (rsa->e && rsa->n)
{
- if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+ if
+(!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err;
/* If 'I' was greater than (or equal to) rsa->n, the operation
* will be equivalent to using 'I mod n'. However, the result of
* the verify will *always* be less than 'n' so we don't check
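Review bot: at the changed `bn_mod_exp` call, `rsa->_method_mod_n` is passed without any indication of whether it has been set, and the initialisation added in the first hunk sits inside an enclosing block, so the pointer can still be NULL here when that block is skipped. The removed line passed a literal NULL, so that case falls back to the old behaviour, but a one-line comment at the call saying a NULL context is expected and acceptable would make this clear to the next reader. The replacement is also split after `if` onto a second `+` line, which looks like mail wrapping rather than intent; resending the diff as an unwrapped attachment would avoid that.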