diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2003-03-17 19:57:17 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2003-03-17 19:57:17 +0000 |
commit | c895a32130e1a7556d7f6becbd518a415e409cee (patch) | |
tree | 3cc08347675b141bd77cb7f2052c60a8e9fffdb8 | |
parent | 61bb647481e36bb3a55aa63edc3cc4fa18c8a2ea (diff) |
update to official patch from openssl.org; ok deraadt@, millert@
-rw-r--r-- | lib/libssl/src/crypto/rsa/rsa_eay.c | 42 | ||||
-rw-r--r-- | lib/libssl/src/crypto/rsa/rsa_lib.c | 12 |
2 files changed, 28 insertions, 26 deletions
diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c index 3fe1cd6540e..a3f549d8e69 100644 --- a/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/lib/libssl/src/crypto/rsa/rsa_eay.c @@ -97,21 +97,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) return(&rsa_pkcs1_eay_meth); } -static void rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - /* Check again inside the lock - the macro's check is racey */ - if(rsa->blinding == NULL) - RSA_blinding_on(rsa, ctx); - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } -#define BLINDING_HELPER(rsa, ctx) \ - do { \ - if(((rsa)->flags & RSA_FLAG_BLINDING) && \ - ((rsa)->blinding == NULL)) \ - rsa_eay_blinding(rsa, ctx); \ - } while(0) - static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -208,6 +193,25 @@ err: return(r); } +static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) + { + int ret = 1; + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + /* Check again inside the lock - the macro's check is racey */ + if(rsa->blinding == NULL) + ret = RSA_blinding_on(rsa, ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + return ret; + } + +#define BLINDING_HELPER(rsa, ctx, err_instr) \ + do { \ + if(((rsa)->flags & RSA_FLAG_BLINDING) && \ + ((rsa)->blinding == NULL) && \ + !rsa_eay_blinding(rsa, ctx)) \ + err_instr \ + } while(0) + /* signing */ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -252,7 +256,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, goto err; } - BLINDING_HELPER(rsa, ctx); + BLINDING_HELPER(rsa, ctx, goto err;); if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; @@ -331,7 +335,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - BLINDING_HELPER(rsa, ctx); + BLINDING_HELPER(rsa, ctx, goto err;); if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; @@ -607,10 +611,6 @@ err: static int RSA_eay_init(RSA *rsa) { rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; - - /* Enforce blinding. */ - rsa->flags|=RSA_FLAG_BLINDING; - return(1); } diff --git a/lib/libssl/src/crypto/rsa/rsa_lib.c b/lib/libssl/src/crypto/rsa/rsa_lib.c index f71870a3387..37fff8bce3a 100644 --- a/lib/libssl/src/crypto/rsa/rsa_lib.c +++ b/lib/libssl/src/crypto/rsa/rsa_lib.c @@ -70,7 +70,13 @@ static const RSA_METHOD *default_RSA_meth=NULL; RSA *RSA_new(void) { - return(RSA_new_method(NULL)); + RSA *r=RSA_new_method(NULL); + +#ifndef OPENSSL_NO_FORCE_RSA_BLINDING + r->flags|=RSA_FLAG_BLINDING; +#endif + + return r; } void RSA_set_default_method(const RSA_METHOD *meth) @@ -181,10 +187,6 @@ RSA *RSA_new_method(ENGINE *engine) OPENSSL_free(ret); ret=NULL; } - - /* Enforce blinding. */ - ret->flags |= RSA_FLAG_BLINDING; - return(ret); } |