aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/crypto/rsa/rsa_eay.c
diff options
context:
space:
mode:
authorChris D. Faulhaber <jedgar@FreeBSD.org>2003-03-20 21:07:20 +0000
committerChris D. Faulhaber <jedgar@FreeBSD.org>2003-03-20 21:07:20 +0000
commit0c757abfe36ca04e71e31ca8c0685298deac1321 (patch)
tree35209b9d54a787b33409585991bf692e044f8443 /crypto/openssl/crypto/rsa/rsa_eay.c
parente9240368cce681e4ee4bc385acbaa7d59b122023 (diff)
downloadsrc-0c757abfe36ca04e71e31ca8c0685298deac1321.tar.gz
src-0c757abfe36ca04e71e31ca8c0685298deac1321.zip
MFC rsa_eay.c 1.11
rsa_lib.c 1.9 Enable RSA blinding by default. http://www.openssl.org/news/secadv_20030317.txt
Notes
Notes: svn path=/stable/4/; revision=112448
Diffstat (limited to 'crypto/openssl/crypto/rsa/rsa_eay.c')
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c27
1 files changed, 23 insertions, 4 deletions
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index 29ce4511bcaf..e4bcf499d064 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -195,6 +195,25 @@ err:
return(r);
}
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+ {
+ int ret = 1;
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ /* Check again inside the lock - the macro's check is racey */
+ if(rsa->blinding == NULL)
+ ret = RSA_blinding_on(rsa, ctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ return ret;
+ }
+
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+ do { \
+ if(((rsa)->flags & RSA_FLAG_BLINDING) && \
+ ((rsa)->blinding == NULL) && \
+ !rsa_eay_blinding(rsa, ctx)) \
+ err_instr \
+ } while(0)
+
/* signing */
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
@@ -239,8 +258,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
goto err;
}
- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
+ BLINDING_HELPER(rsa, ctx, goto err;);
+
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -318,8 +337,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto err;
}
- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
+ BLINDING_HELPER(rsa, ctx, goto err;);
+
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;