aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris D. Faulhaber <jedgar@FreeBSD.org>2003-03-20 20:44:11 +0000
committerChris D. Faulhaber <jedgar@FreeBSD.org>2003-03-20 20:44:11 +0000
commit5b877a2d56a3b37c8b2e8cedf0532a8fb82e3c70 (patch)
treea1bbcda421e7a49868ba5079e122d6609f4f4da5
parent8786792504af176f14878c00d689a1a17bfac4bd (diff)
downloadsrc-5b877a2d56a3b37c8b2e8cedf0532a8fb82e3c70.tar.gz
src-5b877a2d56a3b37c8b2e8cedf0532a8fb82e3c70.zip
Enable RSA blinding by default.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=112442
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c27
-rw-r--r--crypto/openssl/crypto/rsa/rsa_lib.c8
2 files changed, 30 insertions, 5 deletions
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index 29ce4511bcaf..e4bcf499d064 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -195,6 +195,25 @@ err:
return(r);
}
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+ {
+ int ret = 1;
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ /* Check again inside the lock - the macro's check is racey */
+ if(rsa->blinding == NULL)
+ ret = RSA_blinding_on(rsa, ctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ return ret;
+ }
+
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+ do { \
+ if(((rsa)->flags & RSA_FLAG_BLINDING) && \
+ ((rsa)->blinding == NULL) && \
+ !rsa_eay_blinding(rsa, ctx)) \
+ err_instr \
+ } while(0)
+
/* signing */
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
@@ -239,8 +258,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
goto err;
}
- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
+ BLINDING_HELPER(rsa, ctx, goto err;);
+
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -318,8 +337,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto err;
}
- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
+ BLINDING_HELPER(rsa, ctx, goto err;);
+
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c
index 889c36d3a6f4..f234ae0748ca 100644
--- a/crypto/openssl/crypto/rsa/rsa_lib.c
+++ b/crypto/openssl/crypto/rsa/rsa_lib.c
@@ -72,7 +72,13 @@ static const RSA_METHOD *default_RSA_meth=NULL;
RSA *RSA_new(void)
{
- return(RSA_new_method(NULL));
+ RSA *r=RSA_new_method(NULL);
+
+#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
+ r->flags|=RSA_FLAG_BLINDING;
+#endif
+
+ return r;
}
void RSA_set_default_method(const RSA_METHOD *meth)