--- openssl-0.9.8b/crypto/rsa/rsa_eay.c.bn-threadsafe	2005-09-23 01:32:49.000000000 +0200

+++ openssl-0.9.8b/crypto/rsa/rsa_eay.c	2006-07-20 13:41:44.000000000 +0200

@@ -56,7 +56,7 @@

  * [including the GNU Public Licence.]

  */

 /* ====================================================================

- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

  *

  * Redistribution and use in source and binary forms, with or without

  * modification, are permitted provided that the following conditions

@@ -238,40 +238,63 @@

 	return(r);

 	}

-static BN_BLINDING *rsa_get_blinding(RSA *rsa, BIGNUM **r, int *local, BN_CTX *ctx)

+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)

 {

 	BN_BLINDING *ret;

+	int got_write_lock = 0;

+

+	CRYPTO_r_lock(CRYPTO_LOCK_RSA);

 	if (rsa->blinding == NULL)

 		{

+		CRYPTO_r_unlock(CRYPTO_LOCK_RSA);

+		CRYPTO_w_lock(CRYPTO_LOCK_RSA);

+		got_write_lock = 1;

+

 		if (rsa->blinding == NULL)

-			{

-			CRYPTO_w_lock(CRYPTO_LOCK_RSA);

-			if (rsa->blinding == NULL)

-				rsa->blinding = RSA_setup_blinding(rsa, ctx);

-			CRYPTO_w_unlock(CRYPTO_LOCK_RSA);

-			}

+			rsa->blinding = RSA_setup_blinding(rsa, ctx);

 		}

 	ret = rsa->blinding;

 	if (ret == NULL)

-		return NULL;

+		goto err;

-	if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id())

+	if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())

 		{

-		*local = 0;

+		/* rsa->blinding is ours! */

+

+		*local = 1;

+		}

+	else

+		{

+		/* resort to rsa->mt_blinding instead */

+

+		*local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()

+		             * that the BN_BLINDING is shared, meaning that accesses

+		             * require locks, and that the blinding factor must be

+		             * stored outside the BN_BLINDING

+		             */

+

 		if (rsa->mt_blinding == NULL)

 			{

-			CRYPTO_w_lock(CRYPTO_LOCK_RSA);

+			if (!got_write_lock)

+				{

+				CRYPTO_r_unlock(CRYPTO_LOCK_RSA);

+				CRYPTO_w_lock(CRYPTO_LOCK_RSA);

+				got_write_lock = 1;

+				}

+			

 			if (rsa->mt_blinding == NULL)

 				rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);

-			CRYPTO_w_unlock(CRYPTO_LOCK_RSA);

 			}

 		ret = rsa->mt_blinding;

 		}

-	else

-		*local = 1;

+ err:

+	if (got_write_lock)

+		CRYPTO_w_unlock(CRYPTO_LOCK_RSA);

+	else

+		CRYPTO_r_unlock(CRYPTO_LOCK_RSA);

 	return ret;

 }

@@ -358,7 +381,7 @@

 	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))

 		{

-		blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);

+		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);

 		if (blinding == NULL)

 			{

 			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);

@@ -479,7 +502,7 @@

 	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))

 		{

-		blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);

+		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);

 		if (blinding == NULL)

 			{

 			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);

--- openssl-0.9.8b/crypto/bn/bn_mont.c.bn-threadsafe	2005-11-11 13:59:39.000000000 +0100

+++ openssl-0.9.8b/crypto/bn/bn_mont.c	2006-07-20 13:42:07.000000000 +0200

@@ -55,6 +55,59 @@

  * copied and put under another distribution licence

  * [including the GNU Public Licence.]

  */

+/* ====================================================================

+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions

+ * are met:

+ *

+ * 1. Redistributions of source code must retain the above copyright

+ *    notice, this list of conditions and the following disclaimer. 

+ *

+ * 2. Redistributions in binary form must reproduce the above copyright

+ *    notice, this list of conditions and the following disclaimer in

+ *    the documentation and/or other materials provided with the

+ *    distribution.

+ *

+ * 3. All advertising materials mentioning features or use of this

+ *    software must display the following acknowledgment:

+ *    "This product includes software developed by the OpenSSL Project

+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

+ *

+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

+ *    endorse or promote products derived from this software without

+ *    prior written permission. For written permission, please contact

+ *    openssl-core@openssl.org.

+ *

+ * 5. Products derived from this software may not be called "OpenSSL"

+ *    nor may "OpenSSL" appear in their names without prior written

+ *    permission of the OpenSSL Project.

+ *

+ * 6. Redistributions of any form whatsoever must retain the following

+ *    acknowledgment:

+ *    "This product includes software developed by the OpenSSL Project

+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

+ * OF THE POSSIBILITY OF SUCH DAMAGE.

+ * ====================================================================

+ *

+ * This product includes cryptographic software written by Eric Young

+ * (eay@cryptsoft.com).  This product includes software written by Tim

+ * Hudson (tjh@cryptsoft.com).

+ *

+ */

 /*

  * Details about Montgomery multiplication algorithms can be found at

@@ -353,18 +406,32 @@

 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,

 					const BIGNUM *mod, BN_CTX *ctx)

 	{

-	if (*pmont)

-		return *pmont;

-	CRYPTO_w_lock(lock);

+	int got_write_lock = 0;

+	BN_MONT_CTX *ret;

+

+	CRYPTO_r_lock(lock);

 	if (!*pmont)

 		{

-		BN_MONT_CTX *mtmp;

-		mtmp = BN_MONT_CTX_new();

-		if (mtmp && !BN_MONT_CTX_set(mtmp, mod, ctx))

-			BN_MONT_CTX_free(mtmp);

-		else

-			*pmont = mtmp;

+		CRYPTO_r_unlock(lock);

+		CRYPTO_w_lock(lock);

+		got_write_lock = 1;

+

+		if (!*pmont)

+			{

+			ret = BN_MONT_CTX_new();

+			if (ret && !BN_MONT_CTX_set(ret, mod, ctx))

+				BN_MONT_CTX_free(ret);

+			else

+				*pmont = ret;

+			}

 		}

-	CRYPTO_w_unlock(lock);

-	return *pmont;

+	

+	ret = *pmont;

+	

+	if (got_write_lock)

+		CRYPTO_w_unlock(lock);

+	else

+		CRYPTO_r_unlock(lock);

+		

+	return ret;

 	}

--- openssl-0.9.8b/crypto/err/err.c.bn-threadsafe	2006-02-08 20:16:16.000000000 +0100

+++ openssl-0.9.8b/crypto/err/err.c	2006-07-20 13:41:44.000000000 +0200

@@ -548,9 +548,20 @@

 	int i;

 	static int init = 1;

-	if (!init) return;

-

+	CRYPTO_r_lock(CRYPTO_LOCK_ERR);

+	if (!init)

+		{

+		CRYPTO_r_unlock(CRYPTO_LOCK_ERR);

+		return;

+		}

+	

+	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);

 	CRYPTO_w_lock(CRYPTO_LOCK_ERR);

+	if (!init)

+		{

+		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);

+		return;

+		}

 	for (i = 1; i <= NUM_SYS_STR_REASONS; i++)

 		{

--- openssl-0.9.8b/ssl/ssl_ciph.c.bn-threadsafe	2006-04-15 02:22:34.000000000 +0200

+++ openssl-0.9.8b/ssl/ssl_ciph.c	2006-07-20 13:41:44.000000000 +0200

@@ -56,6 +56,59 @@

  * [including the GNU Public Licence.]

  */

 /* ====================================================================

+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions

+ * are met:

+ *

+ * 1. Redistributions of source code must retain the above copyright

+ *    notice, this list of conditions and the following disclaimer. 

+ *

+ * 2. Redistributions in binary form must reproduce the above copyright

+ *    notice, this list of conditions and the following disclaimer in

+ *    the documentation and/or other materials provided with the

+ *    distribution.

+ *

+ * 3. All advertising materials mentioning features or use of this

+ *    software must display the following acknowledgment:

+ *    "This product includes software developed by the OpenSSL Project

+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

+ *

+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

+ *    endorse or promote products derived from this software without

+ *    prior written permission. For written permission, please contact

+ *    openssl-core@openssl.org.

+ *

+ * 5. Products derived from this software may not be called "OpenSSL"

+ *    nor may "OpenSSL" appear in their names without prior written

+ *    permission of the OpenSSL Project.

+ *

+ * 6. Redistributions of any form whatsoever must retain the following

+ *    acknowledgment:

+ *    "This product includes software developed by the OpenSSL Project

+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

+ * OF THE POSSIBILITY OF SUCH DAMAGE.

+ * ====================================================================

+ *

+ * This product includes cryptographic software written by Eric Young

+ * (eay@cryptsoft.com).  This product includes software written by Tim

+ * Hudson (tjh@cryptsoft.com).

+ *

+ */

+/* ====================================================================

  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  * ECC cipher suite support in OpenSSL originally developed by 

  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.

@@ -203,36 +256,46 @@

 static void load_builtin_compressions(void)

 	{

-	if (ssl_comp_methods != NULL)

-		return;

+	int got_write_lock = 0;

-	CRYPTO_w_lock(CRYPTO_LOCK_SSL);

+	CRYPTO_r_lock(CRYPTO_LOCK_SSL);

 	if (ssl_comp_methods == NULL)

 		{

-		SSL_COMP *comp = NULL;

-

-		MemCheck_off();

-		ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);

-		if (ssl_comp_methods != NULL)

+		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);

+		CRYPTO_w_lock(CRYPTO_LOCK_SSL);

+		got_write_lock = 1;

+		

+		if (ssl_comp_methods == NULL)

 			{

-			comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));

-			if (comp != NULL)

+			SSL_COMP *comp = NULL;

+

+			MemCheck_off();

+			ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);

+			if (ssl_comp_methods != NULL)

 				{

-				comp->method=COMP_zlib();

-				if (comp->method

-					&& comp->method->type == NID_undef)

-					OPENSSL_free(comp);

-				else

+				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));

+				if (comp != NULL)

 					{

-					comp->id=SSL_COMP_ZLIB_IDX;

-					comp->name=comp->method->name;

-					sk_SSL_COMP_push(ssl_comp_methods,comp);

+					comp->method=COMP_zlib();

+					if (comp->method

+						&& comp->method->type == NID_undef)

+						OPENSSL_free(comp);

+					else

+						{

+						comp->id=SSL_COMP_ZLIB_IDX;

+						comp->name=comp->method->name;

+						sk_SSL_COMP_push(ssl_comp_methods,comp);

+						}

 					}

 				}

+			MemCheck_on();

 			}

-		MemCheck_on();

 		}

-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);

+	

+	if (got_write_lock)

+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);

+	else

+		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);

 	}

 #endif

--- openssl-0.9.8b/ssl/ssl_cert.c.bn-threadsafe	2006-02-24 18:58:35.000000000 +0100

+++ openssl-0.9.8b/ssl/ssl_cert.c	2006-07-20 13:41:44.000000000 +0200

@@ -56,7 +56,7 @@

  * [including the GNU Public Licence.]

  */

 /* ====================================================================

- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

  *

  * Redistribution and use in source and binary forms, with or without

  * modification, are permitted provided that the following conditions

@@ -73,12 +73,12 @@

  * 3. All advertising materials mentioning features or use of this

  *    software must display the following acknowledgment:

  *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  *

  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  *    endorse or promote products derived from this software without

  *    prior written permission. For written permission, please contact

- *    openssl-core@OpenSSL.org.

+ *    openssl-core@openssl.org.

  *

  * 5. Products derived from this software may not be called "OpenSSL"

  *    nor may "OpenSSL" appear in their names without prior written

@@ -87,7 +87,7 @@

  * 6. Redistributions of any form whatsoever must retain the following

  *    acknowledgment:

  *    "This product includes software developed by the OpenSSL Project

- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  *

  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

@@ -102,6 +102,11 @@

  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  * OF THE POSSIBILITY OF SUCH DAMAGE.

  * ====================================================================

+ *

+ * This product includes cryptographic software written by Eric Young

+ * (eay@cryptsoft.com).  This product includes software written by Tim

+ * Hudson (tjh@cryptsoft.com).

+ *

  */

 /* ====================================================================

  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

@@ -130,21 +135,28 @@

 int SSL_get_ex_data_X509_STORE_CTX_idx(void)

 	{

 	static volatile int ssl_x509_store_ctx_idx= -1;

+	int got_write_lock = 0;

+

+	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);

 	if (ssl_x509_store_ctx_idx < 0)

 		{

-		/* any write lock will do; usually this branch

-		 * will only be taken once anyway */

+		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);

+		got_write_lock = 1;

 		if (ssl_x509_store_ctx_idx < 0)

 			{

 			ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(

 				0,"SSL for verify callback",NULL,NULL,NULL);

 			}

-		

-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

 		}

+

+	if (got_write_lock)

+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

+	else

+		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

+	

 	return ssl_x509_store_ctx_idx;

 	}