summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHakan Olsson <ho@cvs.openbsd.org>2003-03-15 16:35:54 +0000
committerHakan Olsson <ho@cvs.openbsd.org>2003-03-15 16:35:54 +0000
commit9313797e45d3d85231bab1fdb82802991ec1ce44 (patch)
tree1e62333d641c6d8f7fbadac0f0dfef797e886b9f
parentea0d7d7fda01d1f99dffc2760a9f357f806592b2 (diff)
Enforce blinding on RSA operations involving private keys.
From http://www.openssl.org/~geoff, modified to be enabled at all times.
Diffstat
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_eay.c27
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_lib.c4
2 files changed, 27 insertions, 4 deletions
diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c
index 0eda816081d..3fe1cd6540e 100644
--- a/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -97,6 +97,21 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
return(&rsa_pkcs1_eay_meth);
}
+static void rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+ {
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ /* Check again inside the lock - the macro's check is racey */
+ if(rsa->blinding == NULL)
+ RSA_blinding_on(rsa, ctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ }
+#define BLINDING_HELPER(rsa, ctx) \
+ do { \
+ if(((rsa)->flags & RSA_FLAG_BLINDING) && \
+ ((rsa)->blinding == NULL)) \
+ rsa_eay_blinding(rsa, ctx); \
+ } while(0)
+
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
@@ -237,8 +252,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
goto err;
}
- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
+ BLINDING_HELPER(rsa, ctx);
+
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -316,8 +331,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto err;
}
- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
+ BLINDING_HELPER(rsa, ctx);
+
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -592,6 +607,10 @@ err:
static int RSA_eay_init(RSA *rsa)
{
rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
+
+ /* Enforce blinding. */
+ rsa->flags|=RSA_FLAG_BLINDING;
+
return(1);
}
diff --git a/lib/libssl/src/crypto/rsa/rsa_lib.c b/lib/libssl/src/crypto/rsa/rsa_lib.c
index 93235744f7a..f71870a3387 100644
--- a/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -181,6 +181,10 @@ RSA *RSA_new_method(ENGINE *engine)
OPENSSL_free(ret);
ret=NULL;
}
+
+ /* Enforce blinding. */
+ ret->flags |= RSA_FLAG_BLINDING;
+
return(ret);
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-09 09:38:28 +0000