diff options
author | Bodo Möller <bodo@openssl.org> | 2011-10-19 14:59:27 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2011-10-19 14:59:27 +0000 |
commit | e5641d7f052d163b92974dc845eef5e3f21f43ee (patch) | |
tree | 48bd231f167ed2008df4a142aa103c60321348ae /CHANGES | |
parent | 6d4c65835de4ed9aa0a37e3234055d075fe0bc58 (diff) |
BN_BLINDING multi-threading fix.
Submitted by: Emilia Kasper (Google)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 21 |
1 files changed, 19 insertions, 2 deletions
@@ -461,6 +461,16 @@ Changes between 1.0.0e and 1.0.0f [xx XXX xxxx] + *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than + BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent + threads won't reuse the same blinding coefficients. + + This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING + lock to call BN_BLINDING_invert_ex, and avoids one use of + BN_BLINDING_update for each BN_BLINDING structure (previously, + the last update always remained unused). + [Emilia Käsper (Google)] + *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. [Bob Buckholz (Google)] @@ -1371,8 +1381,15 @@ Changes between 0.9.8r and 0.9.8s [xx XXX xxxx] - *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. - [Bob Buckholz (Google)] + *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than + BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent + threads won't reuse the same blinding coefficients. + + This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING + lock to call BN_BLINDING_invert_ex, and avoids one use of + BN_BLINDING_update for each BN_BLINDING structure (previously, + the last update always remained unused). + [Emilia Käsper (Google)] *) Fix SSL memory handling for (EC)DH ciphersuites, in particular for multi-threaded use of ECDH. |