From b08b8c38c7d8a8ff739875e4d6a3aae27abedff0 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 19 Mar 2024 13:34:28 +1000 Subject: [PATCH] Add threading documentation to DH and DSA The RSA, etc., APIs have some discussion on threading expectations. We should have the same text on DH and DSA. While I'm here, const-correct DSA_SIG in some legacy DSA APIs. Change-Id: I6ad43c9347c320dc0b1c8e73850fa07c41e028ea Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67247 Reviewed-by: Theo Buehler Auto-Submit: David Benjamin Reviewed-by: Bob Beck Commit-Queue: Bob Beck (cherry picked from commit c5e9b4be0f2fabaac68961c0edce381703731d03) --- crypto/dsa/dsa.c | 5 +++-- include/openssl/dh.h | 18 +++++++++++++++++- include/openssl/dsa.h | 13 ++++++++++--- 3 files changed, 30 insertions(+), 6 deletions(-) diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c index 24063ae8ac..893a595f88 100644 --- a/crypto/dsa/dsa.c +++ b/crypto/dsa/dsa.c @@ -712,7 +712,7 @@ DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, const DSA *dsa) { return ret; } -int DSA_do_verify(const uint8_t *digest, size_t digest_len, DSA_SIG *sig, +int DSA_do_verify(const uint8_t *digest, size_t digest_len, const DSA_SIG *sig, const DSA *dsa) { int valid; if (!DSA_do_check_signature(&valid, digest, digest_len, sig, dsa)) { @@ -722,7 +722,8 @@ int DSA_do_verify(const uint8_t *digest, size_t digest_len, DSA_SIG *sig, } int DSA_do_check_signature(int *out_valid, const uint8_t *digest, - size_t digest_len, DSA_SIG *sig, const DSA *dsa) { + size_t digest_len, const DSA_SIG *sig, + const DSA *dsa) { *out_valid = 0; if (!dsa_check_key(dsa)) { return 0; diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 4910ee53fb..c3904f827a 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -75,6 +75,12 @@ extern "C" { // Allocation and destruction. +// +// A |DH| object represents a Diffie-Hellman key or group parameters. A given +// object may be used concurrently on multiple threads by non-mutating +// functions, provided no other thread is concurrently calling a mutating +// function. Unless otherwise documented, functions which take a |const| pointer +// are non-mutating and functions which take a non-|const| pointer are mutating. // DH_new returns a new, empty DH object or NULL on error. OPENSSL_EXPORT DH *DH_new(void); @@ -87,7 +93,8 @@ OPENSSL_EXPORT DH *DH_new_by_nid(int nid); // count drops to zero. OPENSSL_EXPORT void DH_free(DH *dh); -// DH_up_ref increments the reference count of |dh| and returns one. +// DH_up_ref increments the reference count of |dh| and returns one. It does not +// mutate |dh| for thread-safety purposes and may be used concurrently. OPENSSL_EXPORT int DH_up_ref(DH *dh); @@ -223,6 +230,9 @@ OPENSSL_EXPORT int DH_generate_key(DH *dh); // Callers that expect a fixed-width secret should use this function over // |DH_compute_key|. Callers that use either function should migrate to a modern // primitive such as X25519 or ECDH with P-256 instead. +// +// This function does not mutate |dh| for thread-safety purposes and may be used +// concurrently. OPENSSL_EXPORT int DH_compute_key_padded(uint8_t *out, const BIGNUM *peers_key, DH *dh); @@ -234,6 +244,9 @@ OPENSSL_EXPORT int DH_compute_key_padded(uint8_t *out, const BIGNUM *peers_key, // // NOTE: this follows the usual BoringSSL return-value convention, but that's // different from |DH_compute_key| and |DH_compute_key_padded|. +// +// This function does not mutate |dh| for thread-safety purposes and may be used +// concurrently. OPENSSL_EXPORT int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len, size_t max_out_len, const BIGNUM *peers_key, @@ -336,6 +349,9 @@ OPENSSL_EXPORT int i2d_DHparams(const DH *in, unsigned char **outp); // Callers that expect a fixed-width secret should use |DH_compute_key_padded| // instead. Callers that use either function should migrate to a modern // primitive such as X25519 or ECDH with P-256 instead. +// +// This function does not mutate |dh| for thread-safety purposes and may be used +// concurrently. OPENSSL_EXPORT int DH_compute_key(uint8_t *out, const BIGNUM *peers_key, DH *dh); diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index ae40eafc01..5733e06132 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -80,6 +80,12 @@ extern "C" { // Allocation and destruction. +// +// A |DSA| object represents a DSA key or group parameters. A given object may +// be used concurrently on multiple threads by non-mutating functions, provided +// no other thread is concurrently calling a mutating function. Unless otherwise +// documented, functions which take a |const| pointer are non-mutating and +// functions which take a non-|const| pointer are mutating. // DSA_new returns a new, empty DSA object or NULL on error. OPENSSL_EXPORT DSA *DSA_new(void); @@ -88,7 +94,8 @@ OPENSSL_EXPORT DSA *DSA_new(void); // reference count drops to zero. OPENSSL_EXPORT void DSA_free(DSA *dsa); -// DSA_up_ref increments the reference count of |dsa| and returns one. +// DSA_up_ref increments the reference count of |dsa| and returns one. It does +// not mutate |dsa| for thread-safety purposes and may be used concurrently. OPENSSL_EXPORT int DSA_up_ref(DSA *dsa); // DSA_print prints a textual representation of |dsa| to |bio|. It returns one @@ -225,7 +232,7 @@ OPENSSL_EXPORT DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, // // TODO(fork): deprecate. OPENSSL_EXPORT int DSA_do_verify(const uint8_t *digest, size_t digest_len, - DSA_SIG *sig, const DSA *dsa); + const DSA_SIG *sig, const DSA *dsa); // DSA_do_check_signature sets |*out_valid| to zero. Then it verifies that |sig| // is a valid signature, by the public key in |dsa| of the hash in |digest| @@ -234,7 +241,7 @@ OPENSSL_EXPORT int DSA_do_verify(const uint8_t *digest, size_t digest_len, // It returns one if it was able to verify the signature as valid or invalid, // and zero on error. OPENSSL_EXPORT int DSA_do_check_signature(int *out_valid, const uint8_t *digest, - size_t digest_len, DSA_SIG *sig, + size_t digest_len, const DSA_SIG *sig, const DSA *dsa);