Unapplying patches to prevent spurious conflicts.

3 files changed, 37 insertions, 86 deletions

diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
index b66f5075..32a8fbaf 100755
--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
@@ -824,55 +824,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
 		}
 	return bn_cmp_words(a,b,cl);
 	}
-
-/* 
- * Constant-time conditional swap of a and b.  
- * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
- * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
- * and that no more than nwords are used by either a or b.
- * a and b cannot be the same number
- */
-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
-	{
-	BN_ULONG t;
-	int i;
-
-	bn_wcheck_size(a, nwords);
-	bn_wcheck_size(b, nwords);
-
-	assert(a != b);
-	assert((condition & (condition - 1)) == 0);
-	assert(sizeof(BN_ULONG) >= sizeof(int));
-
-	condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
-
-	t = (a->top^b->top) & condition;
-	a->top ^= t;
-	b->top ^= t;
-
-#define BN_CONSTTIME_SWAP(ind) \
-	do { \
-		t = (a->d[ind] ^ b->d[ind]) & condition; \
-		a->d[ind] ^= t; \
-		b->d[ind] ^= t; \
-	} while (0)
-
-
-	switch (nwords) {
-	default:
-		for (i = 10; i < nwords; i++) 
-			BN_CONSTTIME_SWAP(i);
-		/* Fallthrough */
-	case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
-	case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
-	case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
-	case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
-	case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
-	case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
-	case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
-	case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
-	case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
-	case 1: BN_CONSTTIME_SWAP(0);
-	}
-#undef BN_CONSTTIME_SWAP
-}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c
index 27cafb1f..4799b152 100755
--- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c
@@ -701,38 +701,32 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
 					const BIGNUM *mod, BN_CTX *ctx)
 	{
+	int got_write_lock = 0;
 	BN_MONT_CTX *ret;
 
 	CRYPTO_r_lock(lock);
-	ret = *pmont;
-	CRYPTO_r_unlock(lock);
-	if (ret)
-		return ret;
-
-	/* We don't want to serialise globally while doing our lazy-init math in
-	 * BN_MONT_CTX_set. That punishes threads that are doing independent
-	 * things. Instead, punish the case where more than one thread tries to
-	 * lazy-init the same 'pmont', by having each do the lazy-init math work
-	 * independently and only use the one from the thread that wins the race
-	 * (the losers throw away the work they've done). */
-	ret = BN_MONT_CTX_new();
-	if (!ret)
-		return NULL;
-	if (!BN_MONT_CTX_set(ret, mod, ctx))
+	if (!*pmont)
 		{
-		BN_MONT_CTX_free(ret);
-		return NULL;
-		}
+		CRYPTO_r_unlock(lock);
+		CRYPTO_w_lock(lock);
+		got_write_lock = 1;
 
-	/* The locked compare-and-set, after the local work is done. */
-	CRYPTO_w_lock(lock);
-	if (*pmont)
-		{
-		BN_MONT_CTX_free(ret);
-		ret = *pmont;
+		if (!*pmont)
+			{
+			ret = BN_MONT_CTX_new();
+			if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
+				BN_MONT_CTX_free(ret);
+			else
+				*pmont = ret;
+			}
 		}
+	
+	ret = *pmont;
+	
+	if (got_write_lock)
+		CRYPTO_w_unlock(lock);
 	else
-		*pmont = ret;
-	CRYPTO_w_unlock(lock);
+		CRYPTO_r_unlock(lock);
+		
 	return ret;
 	}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c
index de83a15b..ee7b87c4 100755
--- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c
@@ -144,17 +144,26 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
 			a->neg=!(a->neg);
 		return(i);
 		}
-	for (i=0;w!=0 && i<a->top;i++)
+	/* Only expand (and risk failing) if it's possibly necessary */
+	if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) &&
+			(bn_wexpand(a,a->top+1) == NULL))
+		return(0);
+	i=0;
+	for (;;)
 		{
-		a->d[i] = l = (a->d[i]+w)&BN_MASK2;
-		w = (w>l)?1:0;
+		if (i >= a->top)
+			l=w;
+		else
+			l=(a->d[i]+w)&BN_MASK2;
+		a->d[i]=l;
+		if (w > l)
+			w=1;
+		else
+			break;
+		i++;
 		}
-	if (w && i==a->top)
-		{
-		if (bn_wexpand(a,a->top+1) == NULL) return 0;
+	if (i >= a->top)
 		a->top++;
-		a->d[i]=w;
-		}
 	bn_check_top(a);
 	return(1);
 	}