mirror of
https://git.FreeBSD.org/src.git
synced 2025-01-01 12:19:28 +00:00
Enable RSA blinding by default.
http://www.openssl.org/news/secadv_20030317.txt
This commit is contained in:
parent
8786792504
commit
5b877a2d56
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor-crypto/openssl/dist/; revision=112442
@ -195,6 +195,25 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
|
||||
return(r);
|
||||
}
|
||||
|
||||
static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
|
||||
{
|
||||
int ret = 1;
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
/* Check again inside the lock - the macro's check is racey */
|
||||
if(rsa->blinding == NULL)
|
||||
ret = RSA_blinding_on(rsa, ctx);
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#define BLINDING_HELPER(rsa, ctx, err_instr) \
|
||||
do { \
|
||||
if(((rsa)->flags & RSA_FLAG_BLINDING) && \
|
||||
((rsa)->blinding == NULL) && \
|
||||
!rsa_eay_blinding(rsa, ctx)) \
|
||||
err_instr \
|
||||
} while(0)
|
||||
|
||||
/* signing */
|
||||
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
|
||||
unsigned char *to, RSA *rsa, int padding)
|
||||
@ -239,8 +258,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
|
||||
RSA_blinding_on(rsa,ctx);
|
||||
BLINDING_HELPER(rsa, ctx, goto err;);
|
||||
|
||||
if (rsa->flags & RSA_FLAG_BLINDING)
|
||||
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
|
||||
|
||||
@ -318,8 +337,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
|
||||
RSA_blinding_on(rsa,ctx);
|
||||
BLINDING_HELPER(rsa, ctx, goto err;);
|
||||
|
||||
if (rsa->flags & RSA_FLAG_BLINDING)
|
||||
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
|
||||
|
||||
|
@ -72,7 +72,13 @@ static const RSA_METHOD *default_RSA_meth=NULL;
|
||||
|
||||
RSA *RSA_new(void)
|
||||
{
|
||||
return(RSA_new_method(NULL));
|
||||
RSA *r=RSA_new_method(NULL);
|
||||
|
||||
#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
|
||||
r->flags|=RSA_FLAG_BLINDING;
|
||||
#endif
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
void RSA_set_default_method(const RSA_METHOD *meth)
|
||||
|
Loading…
Reference in New Issue
Block a user