Skip to content

Commit 4aa9927

Browse files
SparkiDevSparkiDev
authored
Merge pull request #209 from anhu/PRIVATE_KEY_LOCK
Private key lock
2 parents 2028cf0 + 0f9110b commit 4aa9927

File tree

6 files changed

+62
-1
lines changed

6 files changed

+62
-1
lines changed

src/we_dh.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -406,8 +406,10 @@ static int we_dh_generate_key_int(DH *dh, we_Dh *engineDh)
406406
ret = we_dh_bignum_to_bin(DH_get0_g(dh), &gBuf, &gBufLen);
407407
if (ret == 1) {
408408
/* Perform key agree: y^x but y == g therefore g^x. */
409+
PRIVATE_KEY_UNLOCK();
409410
rc = wc_DhAgree(&engineDh->key, pub, &pubLen, priv, privLen,
410411
gBuf, gBufLen);
412+
PRIVATE_KEY_LOCK();
411413
if (rc != 0) {
412414
WOLFENGINE_ERROR_FUNC(WE_LOG_KE, "wc_DhAgree", rc);
413415
ret = 0;
@@ -425,8 +427,10 @@ static int we_dh_generate_key_int(DH *dh, we_Dh *engineDh)
425427
else
426428
#endif
427429
{
430+
PRIVATE_KEY_UNLOCK();
428431
rc = wc_DhGenerateKeyPair(&engineDh->key, pRng, priv, &privLen,
429432
pub, &pubLen);
433+
PRIVATE_KEY_LOCK();
430434
if (rc != 0) {
431435
WOLFENGINE_ERROR_FUNC(WE_LOG_KE, "wc_DhGenerateKeyPair",
432436
rc);
@@ -612,8 +616,10 @@ static int we_dh_compute_key_int(we_Dh *engineDh, unsigned char *secret,
612616
/* Set length of secret buffer into appropriate typed variable. */
613617
secLen = (unsigned int)*secretLen;
614618
/* Calculate the secret. */
619+
PRIVATE_KEY_UNLOCK();
615620
rc = wc_DhAgree(&engineDh->key, secret, &secLen, privBuf, privLen,
616621
pubBuf, pubLen);
622+
PRIVATE_KEY_LOCK();
617623
if (rc != 0) {
618624
WOLFENGINE_ERROR_FUNC(WE_LOG_KE, "wc_DhAgree", rc);
619625
ret = 0;

src/we_ecc.c

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -753,8 +753,10 @@ static int we_pkey_ecdsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *sig
753753
/* Sign the data with wolfSSL EC key object. */
754754
outLen = (word32)*sigLen;
755755
#ifndef WE_ECC_USE_GLOBAL_RNG
756+
PRIVATE_KEY_UNLOCK();
756757
rc = wc_ecc_sign_hash(tbs, (word32)tbsLen, sig, &outLen, &ecc->rng,
757758
&ecc->key);
759+
PRIVATE_KEY_LOCK();
758760
#else
759761
#ifndef WE_SINGLE_THREADED
760762
rc = wc_LockMutex(we_rng_mutex);
@@ -765,8 +767,10 @@ static int we_pkey_ecdsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *sig
765767
else
766768
#endif /* !WE_SINGLE_THREADED */
767769
{
770+
PRIVATE_KEY_UNLOCK();
768771
rc = wc_ecc_sign_hash(tbs, (word32)tbsLen, sig, &outLen, we_rng,
769772
&ecc->key);
773+
PRIVATE_KEY_LOCK();
770774
#ifndef WE_SINGLE_THREADED
771775
wc_UnLockMutex(we_rng_mutex);
772776
#endif
@@ -998,7 +1002,9 @@ static int we_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
9981002
if (ret == 1) {
9991003
/* Generate a new EC key with wolfSSL. */
10001004
#ifndef WE_ECC_USE_GLOBAL_RNG
1005+
PRIVATE_KEY_UNLOCK();
10011006
rc = wc_ecc_make_key_ex(&ecc->rng, len, &ecc->key, ecc->curveId);
1007+
PRIVATE_KEY_LOCK();
10021008
#else
10031009
#ifndef WE_SINGLE_THREADED
10041010
rc = wc_LockMutex(we_rng_mutex);
@@ -1009,7 +1015,9 @@ static int we_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
10091015
else
10101016
#endif /* !WE_SINGLE_THREADED */
10111017
{
1018+
PRIVATE_KEY_UNLOCK();
10121019
rc = wc_ecc_make_key_ex(we_rng, len, &ecc->key, ecc->curveId);
1020+
PRIVATE_KEY_LOCK();
10131021
#ifndef WE_SINGLE_THREADED
10141022
wc_UnLockMutex(we_rng_mutex);
10151023
#endif
@@ -1134,21 +1142,26 @@ static int we_ecdh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keyLen)
11341142
if (ecc->kdfType == EVP_PKEY_ECDH_KDF_NONE) {
11351143
len = (word32)*keyLen;
11361144
/* Calculate shared secret using wolfSSL. */
1145+
PRIVATE_KEY_UNLOCK();
11371146
rc = wc_ecc_shared_secret(&ecc->key, &peer, key, &len);
1147+
PRIVATE_KEY_LOCK();
11381148
if (rc != 0) {
11391149
WOLFENGINE_ERROR_FUNC(WE_LOG_PK,
11401150
"wc_ecc_shared_secret", rc);
11411151
ret = 0;
11421152
}
11431153
}
11441154
else {
1145-
/* Maximum output size supported for curves supported. */
1155+
/* Maximum output size supported for curves supported.
1156+
*/
11461157
unsigned char out[72];
11471158

11481159
/* Get buffer length. */
11491160
len = (word32)sizeof(out);
11501161
/* Calculate shared secret using wolfSSL. */
1162+
PRIVATE_KEY_UNLOCK();
11511163
rc = wc_ecc_shared_secret(&ecc->key, &peer, out, &len);
1164+
PRIVATE_KEY_LOCK();
11521165
if (rc != 0) {
11531166
WOLFENGINE_ERROR_FUNC(WE_LOG_PK,
11541167
"wc_ecc_shared_secret", rc);
@@ -1781,7 +1794,9 @@ static int we_ec_key_keygen(EC_KEY *key)
17811794
else
17821795
#endif
17831796
{
1797+
PRIVATE_KEY_UNLOCK();
17841798
rc = wc_ecc_make_key_ex(pRng, len, &ecc, curveId);
1799+
PRIVATE_KEY_LOCK();
17851800
#if defined(WE_ECC_USE_GLOBAL_RNG) && !defined(WE_SINGLE_THREADED)
17861801
wc_UnLockMutex(we_rng_mutex);
17871802
#endif
@@ -1946,7 +1961,9 @@ static int we_ec_key_compute_key(unsigned char **psec, size_t *pseclen,
19461961
#endif
19471962
{
19481963
/* Calculate shared secret. */
1964+
PRIVATE_KEY_UNLOCK();
19491965
rc = wc_ecc_shared_secret(pKey, pPeer, secret, &len);
1966+
PRIVATE_KEY_LOCK();
19501967
if (rc != 0) {
19511968
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_ecc_shared_secret", rc);
19521969
ret = 0;
@@ -2106,7 +2123,9 @@ static ECDSA_SIG* we_ecdsa_do_sign_ex(const unsigned char *d, int dlen,
21062123
else
21072124
#endif
21082125
{
2126+
PRIVATE_KEY_UNLOCK();
21092127
rc = wc_ecc_sign_hash_ex(d, dlen, pRng, &we_key, &sig_r, &sig_s);
2128+
PRIVATE_KEY_LOCK();
21102129
#if defined(WE_ECC_USE_GLOBAL_RNG) && !defined(WE_SINGLE_THREADED)
21112130
wc_UnLockMutex(we_rng_mutex);
21122131
#endif
@@ -2423,7 +2442,9 @@ static int we_ec_key_sign(int type, const unsigned char *dgst, int dLen,
24232442
else
24242443
#endif
24252444
{
2445+
PRIVATE_KEY_UNLOCK();
24262446
rc = wc_ecc_sign_hash(dgst, dLen, sig, &outLen, pRng, &key);
2447+
PRIVATE_KEY_LOCK();
24272448
#if defined(WE_ECC_USE_GLOBAL_RNG) && !defined(WE_SINGLE_THREADED)
24282449
wc_UnLockMutex(we_rng_mutex);
24292450
#endif

src/we_hkdf.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -148,17 +148,21 @@ static int we_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
148148
ret = 0;
149149
}
150150
if ((ret == 1) && (hkdf->mode == EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND)) {
151+
PRIVATE_KEY_UNLOCK();
151152
rc = wc_HKDF(hkdf->mdType, hkdf->key, (word32)hkdf->keySz, hkdf->salt,
152153
(word32)hkdf->saltSz, hkdf->info, (word32)hkdf->infoSz, key,
153154
(word32)*keySz);
155+
PRIVATE_KEY_LOCK();
154156
if (rc != 0) {
155157
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_HKDF", rc);
156158
ret = 0;
157159
}
158160
}
159161
else if ((ret == 1) && (hkdf->mode == EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY)) {
162+
PRIVATE_KEY_UNLOCK();
160163
rc = wc_HKDF_Extract(hkdf->mdType, hkdf->salt, (word32)hkdf->saltSz,
161164
hkdf->key, (word32)hkdf->keySz, key);
165+
PRIVATE_KEY_LOCK();
162166
if (rc != 0) {
163167
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_HKDF_Extract", rc);
164168
ret = 0;
@@ -168,8 +172,10 @@ static int we_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
168172
}
169173
}
170174
else if ((ret == 1) && (hkdf->mode == EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)) {
175+
PRIVATE_KEY_UNLOCK();
171176
rc = wc_HKDF_Expand(hkdf->mdType, hkdf->key, (word32)hkdf->keySz,
172177
hkdf->info, (word32)hkdf->infoSz, key, (word32)*keySz);
178+
PRIVATE_KEY_LOCK();
173179
if (rc != 0) {
174180
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_HKDF_Expand", rc);
175181
ret = 0;

src/we_pbe.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -174,8 +174,10 @@ static int we_pbkdf2_keygen(EVP_CIPHER_CTX *ctx, const char *passwd,
174174

175175
WOLFENGINE_MSG(WE_LOG_PBE, "Deriving key with PBKDF2");
176176
/* Derive the key. */
177+
PRIVATE_KEY_UNLOCK();
177178
rc = wc_PBKDF2_ex(key, (const byte*)passwd, passwdLen, salt, sLen,
178179
iterations, kLen, hashType, NULL, INVALID_DEVID);
180+
PRIVATE_KEY_LOCK();
179181
if (rc != 0) {
180182
WOLFENGINE_ERROR_FUNC(WE_LOG_PBE, "wc_PBKDF2_ex", rc);
181183
ret = 0;
@@ -363,17 +365,21 @@ static int we_pbe_keyivgen(EVP_CIPHER_CTX *ctx, const char *passwd,
363365

364366
WOLFENGINE_MSG(WE_LOG_PBE, "Deriving key with PKCS#12 PBKDF");
365367
/* Derive the key using the unicode password and id for a key. */
368+
PRIVATE_KEY_UNLOCK();
366369
rc = wc_PKCS12_PBKDF_ex(key, uniPass, uniLen, salt, sLen, iterations,
367370
kLen, hashType, PKCS12_KEY_ID, NULL);
371+
PRIVATE_KEY_LOCK();
368372
if (rc != 0) {
369373
WOLFENGINE_ERROR_FUNC(WE_LOG_PBE, "wc_PBKDF1_ex", rc);
370374
ret = 0;
371375
}
372376
}
373377
if (ret == 1) {
374378
/* Derive the IV using the unicode password and id for an IV. */
379+
PRIVATE_KEY_UNLOCK();
375380
rc = wc_PKCS12_PBKDF_ex(iv, uniPass, uniLen, salt, sLen, iterations,
376381
ivLen, hashType, PKCS12_IV_ID, NULL);
382+
PRIVATE_KEY_LOCK();
377383
if (rc != 0) {
378384
WOLFENGINE_ERROR_FUNC(WE_LOG_PBE, "wc_PBKDF1_ex", rc);
379385
ret = 0;

src/we_rsa.c

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -913,8 +913,10 @@ static int we_rsa_priv_dec_int(size_t fromLen, const unsigned char *from,
913913
}
914914
else {
915915
/* PKCS#1 v1.5 padding using block type 2. */
916+
PRIVATE_KEY_UNLOCK();
916917
ret = wc_RsaPrivateDecrypt(from, (word32)fromLen, to,
917918
(word32)toLen, &rsa->key);
919+
PRIVATE_KEY_LOCK();
918920
if (ret < 0) {
919921
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_RsaPrivateDecrypt",
920922
ret);
@@ -934,10 +936,12 @@ static int we_rsa_priv_dec_int(size_t fromLen, const unsigned char *from,
934936
}
935937
else {
936938
mdMGF1 = rsa->mdMGF1 != NULL ? rsa->mdMGF1 : rsa->md;
939+
PRIVATE_KEY_UNLOCK();
937940
ret = wc_RsaPrivateDecrypt_ex(from, (word32)fromLen, to,
938941
(word32)toLen, &rsa->key, WC_RSA_OAEP_PAD,
939942
we_nid_to_wc_hash_type(EVP_MD_type(rsa->md)),
940943
we_mgf_from_hash(EVP_MD_type(mdMGF1)), NULL, 0);
944+
PRIVATE_KEY_LOCK();
941945
if (ret < 0) {
942946
WOLFENGINE_ERROR_FUNC(WE_LOG_PK,
943947
"wc_RsaPrivateDecrypt_ex", ret);
@@ -948,10 +952,12 @@ static int we_rsa_priv_dec_int(size_t fromLen, const unsigned char *from,
948952
case RSA_NO_PADDING:
949953
WOLFENGINE_MSG(WE_LOG_PK, "padMode: RSA_NO_PADDING");
950954
/* Raw private decrypt - no padding. */
955+
PRIVATE_KEY_UNLOCK();
951956
ret = wc_RsaPrivateDecrypt_ex(from, (word32)fromLen, to,
952957
(word32)toLen, &rsa->key, WC_RSA_NO_PAD,
953958
WC_HASH_TYPE_NONE,
954959
0, NULL, 0);
960+
PRIVATE_KEY_LOCK();
955961
if (ret < 0) {
956962
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_RsaPrivateDecrypt_ex",
957963
ret);
@@ -1097,8 +1103,10 @@ static int we_rsa_priv_enc_int(size_t fromLen, const unsigned char *from,
10971103
case RSA_PKCS1_PADDING:
10981104
WOLFENGINE_MSG(WE_LOG_PK, "padMode: RSA_PKCS1_PADDING");
10991105
/* PKCS#1 v1.5 padding using block type 1. */
1106+
PRIVATE_KEY_UNLOCK();
11001107
ret = wc_RsaSSL_Sign(from, (word32)fromLen, to, (word32)toLen,
11011108
&rsa->key, rng);
1109+
PRIVATE_KEY_LOCK();
11021110
if (ret < 0) {
11031111
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_RsaSSL_Sign", ret);
11041112
ret = -1;
@@ -1107,8 +1115,10 @@ static int we_rsa_priv_enc_int(size_t fromLen, const unsigned char *from,
11071115
case RSA_NO_PADDING:
11081116
WOLFENGINE_MSG(WE_LOG_PK, "padMode: RSA_NO_PADDING");
11091117
/* Raw private encrypt - no padding. */
1118+
PRIVATE_KEY_UNLOCK();
11101119
ret = wc_RsaDirect((byte*)from, (unsigned int)fromLen, to, &tLen,
11111120
&rsa->key, RSA_PRIVATE_ENCRYPT, rng);
1121+
PRIVATE_KEY_LOCK();
11121122
if (ret < 0) {
11131123
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_RsaDirect", ret);
11141124
ret = -1;
@@ -1130,10 +1140,12 @@ static int we_rsa_priv_enc_int(size_t fromLen, const unsigned char *from,
11301140
}
11311141
/* When MGF1 digest is not specified, use signing digest. */
11321142
mdMGF1 = rsa->mdMGF1 != NULL ? rsa->mdMGF1 : rsa->md;
1143+
PRIVATE_KEY_UNLOCK();
11331144
ret = wc_RsaPSS_Sign_ex(from, (word32)fromLen, to,
11341145
(word32)toLen, we_nid_to_wc_hash_type(EVP_MD_type(rsa->md)),
11351146
we_mgf_from_hash(EVP_MD_type(mdMGF1)), wc_saltLen,
11361147
&rsa->key, rng);
1148+
PRIVATE_KEY_LOCK();
11371149
if (ret < 0) {
11381150
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_RsaPSS_Sign_ex", ret);
11391151
ret = -1;
@@ -1162,8 +1174,10 @@ static int we_rsa_priv_enc_int(size_t fromLen, const unsigned char *from,
11621174
ret = -1;
11631175
}
11641176
else {
1177+
PRIVATE_KEY_UNLOCK();
11651178
ret = wc_RsaDirect(padded, paddedSz, to, &tLen,
11661179
&rsa->key, RSA_PRIVATE_ENCRYPT, rng);
1180+
PRIVATE_KEY_UNLOCK();
11671181
if (ret < 0) {
11681182
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_RsaDirect",
11691183
ret);
@@ -1379,8 +1393,10 @@ static int we_rsa_pub_dec_int(size_t fromLen, const unsigned char *from,
13791393
else
13801394
#endif
13811395
{
1396+
PRIVATE_KEY_UNLOCK();
13821397
ret = wc_RsaDirect((byte*)from, (unsigned int)fromLen, to,
13831398
&tLen, &rsa->key, RSA_PUBLIC_DECRYPT, rng);
1399+
PRIVATE_KEY_LOCK();
13841400
if (ret < 0) {
13851401
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_RsaDirect", ret);
13861402
ret = -1;
@@ -1422,8 +1438,10 @@ static int we_rsa_pub_dec_int(size_t fromLen, const unsigned char *from,
14221438
#ifdef WE_HAVE_RSA_X931
14231439
case RSA_X931_PADDING:
14241440
WOLFENGINE_MSG(WE_LOG_PK, "padMode: RSA_X931_PADDING");
1441+
PRIVATE_KEY_UNLOCK();
14251442
ret = wc_RsaDirect((byte*)from, (unsigned int)fromLen, to,
14261443
&tLen, &rsa->key, RSA_PUBLIC_DECRYPT, rng);
1444+
PRIVATE_KEY_LOCK();
14271445
if (ret < 0) {
14281446
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_RsaDirect", ret);
14291447
ret = -1;

src/we_tls_prf.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -144,21 +144,25 @@ static int we_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
144144
/* Calculate key.
145145
* Label is included in seed so pass in buffer and 0 length for label.
146146
*/
147+
PRIVATE_KEY_UNLOCK();
147148
rc = wc_PRF_TLSv1(key, (word32)*keySz, tls1Prf->secret,
148149
(word32)(tls1Prf->secretSz), (byte*)"", 0,
149150
tls1Prf->seed, (word32)(tls1Prf->seedSz), NULL,
150151
INVALID_DEVID);
152+
PRIVATE_KEY_LOCK();
151153
if (rc != 0) {
152154
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_PRF_TLSv1", rc);
153155
ret = 0;
154156
}
155157
}
156158
else if (ret == 1) {
159+
PRIVATE_KEY_UNLOCK();
157160
rc = wc_PRF_TLS(key, (word32)*keySz, tls1Prf->secret,
158161
(word32)(tls1Prf->secretSz), (byte*)"", 0,
159162
tls1Prf->seed, (word32)(tls1Prf->seedSz), 1,
160163
tls1Prf->mdType == NID_sha256 ? sha256_mac : sha384_mac,
161164
NULL, INVALID_DEVID);
165+
PRIVATE_KEY_LOCK();
162166
if (rc != 0) {
163167
WOLFENGINE_ERROR_FUNC(WE_LOG_PK, "wc_PRF_TLS", rc);
164168
ret = 0;

0 commit comments

Comments
 (0)