diff options
| author | Chris D. Faulhaber <jedgar@FreeBSD.org> | 2003-03-20 20:44:11 +0000 |
|---|---|---|
| committer | Chris D. Faulhaber <jedgar@FreeBSD.org> | 2003-03-20 20:44:11 +0000 |
| commit | 5b877a2d56a3b37c8b2e8cedf0532a8fb82e3c70 (patch) | |
| tree | a1bbcda421e7a49868ba5079e122d6609f4f4da5 | |
| parent | 8786792504af176f14878c00d689a1a17bfac4bd (diff) | |
| download | src-5b877a2d56a3b37c8b2e8cedf0532a8fb82e3c70.tar.gz src-5b877a2d56a3b37c8b2e8cedf0532a8fb82e3c70.zip | |
Enable RSA blinding by default.
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=112442
| -rw-r--r-- | crypto/openssl/crypto/rsa/rsa_eay.c | 27 | ||||
| -rw-r--r-- | crypto/openssl/crypto/rsa/rsa_lib.c | 8 |
2 files changed, 30 insertions, 5 deletions
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c index 29ce4511bcaf..e4bcf499d064 100644 --- a/crypto/openssl/crypto/rsa/rsa_eay.c +++ b/crypto/openssl/crypto/rsa/rsa_eay.c @@ -195,6 +195,25 @@ err: return(r); } +static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) + { + int ret = 1; + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + /* Check again inside the lock - the macro's check is racey */ + if(rsa->blinding == NULL) + ret = RSA_blinding_on(rsa, ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + return ret; + } + +#define BLINDING_HELPER(rsa, ctx, err_instr) \ + do { \ + if(((rsa)->flags & RSA_FLAG_BLINDING) && \ + ((rsa)->blinding == NULL) && \ + !rsa_eay_blinding(rsa, ctx)) \ + err_instr \ + } while(0) + /* signing */ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -239,8 +258,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, goto err; } - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); + BLINDING_HELPER(rsa, ctx, goto err;); + if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; @@ -318,8 +337,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); + BLINDING_HELPER(rsa, ctx, goto err;); + if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c index 889c36d3a6f4..f234ae0748ca 100644 --- a/crypto/openssl/crypto/rsa/rsa_lib.c +++ b/crypto/openssl/crypto/rsa/rsa_lib.c @@ -72,7 +72,13 @@ static const RSA_METHOD *default_RSA_meth=NULL; RSA *RSA_new(void) { - return(RSA_new_method(NULL)); + RSA *r=RSA_new_method(NULL); + +#ifndef OPENSSL_NO_FORCE_RSA_BLINDING + r->flags|=RSA_FLAG_BLINDING; +#endif + + return r; } void RSA_set_default_method(const RSA_METHOD *meth) |