summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2003-03-17 19:57:17 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2003-03-17 19:57:17 +0000
commitc895a32130e1a7556d7f6becbd518a415e409cee (patch)
tree3cc08347675b141bd77cb7f2052c60a8e9fffdb8
parent61bb647481e36bb3a55aa63edc3cc4fa18c8a2ea (diff)
update to official patch from openssl.org; ok deraadt@, millert@
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_eay.c42
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_lib.c12
2 files changed, 28 insertions, 26 deletions
diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c
index 3fe1cd6540e..a3f549d8e69 100644
--- a/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -97,21 +97,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
return(&rsa_pkcs1_eay_meth);
}
-static void rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- /* Check again inside the lock - the macro's check is racey */
- if(rsa->blinding == NULL)
- RSA_blinding_on(rsa, ctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
-#define BLINDING_HELPER(rsa, ctx) \
- do { \
- if(((rsa)->flags & RSA_FLAG_BLINDING) && \
- ((rsa)->blinding == NULL)) \
- rsa_eay_blinding(rsa, ctx); \
- } while(0)
-
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
@@ -208,6 +193,25 @@ err:
return(r);
}
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+ {
+ int ret = 1;
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ /* Check again inside the lock - the macro's check is racey */
+ if(rsa->blinding == NULL)
+ ret = RSA_blinding_on(rsa, ctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ return ret;
+ }
+
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+ do { \
+ if(((rsa)->flags & RSA_FLAG_BLINDING) && \
+ ((rsa)->blinding == NULL) && \
+ !rsa_eay_blinding(rsa, ctx)) \
+ err_instr \
+ } while(0)
+
/* signing */
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
@@ -252,7 +256,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
goto err;
}
- BLINDING_HELPER(rsa, ctx);
+ BLINDING_HELPER(rsa, ctx, goto err;);
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -331,7 +335,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto err;
}
- BLINDING_HELPER(rsa, ctx);
+ BLINDING_HELPER(rsa, ctx, goto err;);
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -607,10 +611,6 @@ err:
static int RSA_eay_init(RSA *rsa)
{
rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
-
- /* Enforce blinding. */
- rsa->flags|=RSA_FLAG_BLINDING;
-
return(1);
}
diff --git a/lib/libssl/src/crypto/rsa/rsa_lib.c b/lib/libssl/src/crypto/rsa/rsa_lib.c
index f71870a3387..37fff8bce3a 100644
--- a/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -70,7 +70,13 @@ static const RSA_METHOD *default_RSA_meth=NULL;
RSA *RSA_new(void)
{
- return(RSA_new_method(NULL));
+ RSA *r=RSA_new_method(NULL);
+
+#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
+ r->flags|=RSA_FLAG_BLINDING;
+#endif
+
+ return r;
}
void RSA_set_default_method(const RSA_METHOD *meth)
@@ -181,10 +187,6 @@ RSA *RSA_new_method(ENGINE *engine)
OPENSSL_free(ret);
ret=NULL;
}
-
- /* Enforce blinding. */
- ret->flags |= RSA_FLAG_BLINDING;
-
return(ret);
}