summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorjedgar <jedgar@FreeBSD.org>2003-03-20 20:44:11 +0000
committerjedgar <jedgar@FreeBSD.org>2003-03-20 20:44:11 +0000
commit5d79b842c13e718f85a9f2e1676e361b6fc55367 (patch)
treea1bbcda421e7a49868ba5079e122d6609f4f4da5 /crypto
parent5514cd49874521671b211831af2ced0740d907d6 (diff)
downloadFreeBSD-src-5d79b842c13e718f85a9f2e1676e361b6fc55367.zip
FreeBSD-src-5d79b842c13e718f85a9f2e1676e361b6fc55367.tar.gz
Enable RSA blinding by default.
http://www.openssl.org/news/secadv_20030317.txt
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c27
-rw-r--r--crypto/openssl/crypto/rsa/rsa_lib.c8
2 files changed, 30 insertions, 5 deletions
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index 29ce451..e4bcf49 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -195,6 +195,25 @@ err:
return(r);
}
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+ {
+ int ret = 1;
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ /* Check again inside the lock - the macro's check is racey */
+ if(rsa->blinding == NULL)
+ ret = RSA_blinding_on(rsa, ctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ return ret;
+ }
+
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+ do { \
+ if(((rsa)->flags & RSA_FLAG_BLINDING) && \
+ ((rsa)->blinding == NULL) && \
+ !rsa_eay_blinding(rsa, ctx)) \
+ err_instr \
+ } while(0)
+
/* signing */
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
@@ -239,8 +258,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
goto err;
}
- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
+ BLINDING_HELPER(rsa, ctx, goto err;);
+
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -318,8 +337,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto err;
}
- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
+ BLINDING_HELPER(rsa, ctx, goto err;);
+
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c
index 889c36d..f234ae0 100644
--- a/crypto/openssl/crypto/rsa/rsa_lib.c
+++ b/crypto/openssl/crypto/rsa/rsa_lib.c
@@ -72,7 +72,13 @@ static const RSA_METHOD *default_RSA_meth=NULL;
RSA *RSA_new(void)
{
- return(RSA_new_method(NULL));
+ RSA *r=RSA_new_method(NULL);
+
+#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
+ r->flags|=RSA_FLAG_BLINDING;
+#endif
+
+ return r;
}
void RSA_set_default_method(const RSA_METHOD *meth)
OpenPOWER on IntegriCloud