From 9313797e45d3d85231bab1fdb82802991ec1ce44 Mon Sep 17 00:00:00 2001 From: Hakan Olsson Date: Sat, 15 Mar 2003 16:35:54 +0000 Subject: Enforce blinding on RSA operations involving private keys. From http://www.openssl.org/~geoff, modified to be enabled at all times. --- lib/libssl/src/crypto/rsa/rsa_eay.c | 27 +++++++++++++++++++++++---- lib/libssl/src/crypto/rsa/rsa_lib.c | 4 ++++ 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c index 0eda816081d..3fe1cd6540e 100644 --- a/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/lib/libssl/src/crypto/rsa/rsa_eay.c @@ -97,6 +97,21 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) return(&rsa_pkcs1_eay_meth); } +static void rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) + { + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + /* Check again inside the lock - the macro's check is racey */ + if(rsa->blinding == NULL) + RSA_blinding_on(rsa, ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + } +#define BLINDING_HELPER(rsa, ctx) \ + do { \ + if(((rsa)->flags & RSA_FLAG_BLINDING) && \ + ((rsa)->blinding == NULL)) \ + rsa_eay_blinding(rsa, ctx); \ + } while(0) + static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -237,8 +252,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, goto err; } - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); + BLINDING_HELPER(rsa, ctx); + if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; @@ -316,8 +331,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); + BLINDING_HELPER(rsa, ctx); + if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; @@ -592,6 +607,10 @@ err: static int RSA_eay_init(RSA *rsa) { rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; + + /* Enforce blinding. */ + rsa->flags|=RSA_FLAG_BLINDING; + return(1); } diff --git a/lib/libssl/src/crypto/rsa/rsa_lib.c b/lib/libssl/src/crypto/rsa/rsa_lib.c index 93235744f7a..f71870a3387 100644 --- a/lib/libssl/src/crypto/rsa/rsa_lib.c +++ b/lib/libssl/src/crypto/rsa/rsa_lib.c @@ -181,6 +181,10 @@ RSA *RSA_new_method(ENGINE *engine) OPENSSL_free(ret); ret=NULL; } + + /* Enforce blinding. */ + ret->flags |= RSA_FLAG_BLINDING; + return(ret); } -- cgit v1.2.3