diff options
author | miod <> | 2003-03-19 01:05:22 +0000 |
---|---|---|
committer | miod <> | 2003-03-19 01:05:22 +0000 |
commit | 3ca583df3c5813f2054dd9b42ad879000865c88d (patch) | |
tree | 30fbfc349cf64c5bcbca6ea6c218ed0f8fd47387 | |
parent | 8d1a9d230c928e48c45a1800d762f52a13d614a0 (diff) | |
download | openbsd-3ca583df3c5813f2054dd9b42ad879000865c88d.tar.gz openbsd-3ca583df3c5813f2054dd9b42ad879000865c88d.tar.bz2 openbsd-3ca583df3c5813f2054dd9b42ad879000865c88d.zip |
Errata #024 (markus):
Enforce blinding on RSA operations involving private keys.
-rw-r--r-- | src/lib/libssl/src/crypto/rsa/rsa_eay.c | 28 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/rsa/rsa_lib.c | 8 |
2 files changed, 31 insertions, 5 deletions
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c index cde5ca27d5..632a8adcb1 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c | |||
@@ -186,6 +186,26 @@ err: | |||
186 | return(r); | 186 | return(r); |
187 | } | 187 | } |
188 | 188 | ||
189 | static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) | ||
190 | { | ||
191 | int ret = 1; | ||
192 | CRYPTO_w_lock(CRYPTO_LOCK_RSA); | ||
193 | /* Check again inside the lock - the macro's check is racey */ | ||
194 | if(rsa->blinding == NULL) | ||
195 | ret = RSA_blinding_on(rsa, ctx); | ||
196 | CRYPTO_w_unlock(CRYPTO_LOCK_RSA); | ||
197 | return ret; | ||
198 | } | ||
199 | |||
200 | #define BLINDING_HELPER(rsa, ctx, err_instr) \ | ||
201 | do { \ | ||
202 | if(((rsa)->flags & RSA_FLAG_BLINDING) && \ | ||
203 | ((rsa)->blinding == NULL) && \ | ||
204 | !rsa_eay_blinding(rsa, ctx)) \ | ||
205 | err_instr \ | ||
206 | } while(0) | ||
207 | |||
208 | /* signing */ | ||
189 | static int RSA_eay_private_encrypt(int flen, unsigned char *from, | 209 | static int RSA_eay_private_encrypt(int flen, unsigned char *from, |
190 | unsigned char *to, RSA *rsa, int padding) | 210 | unsigned char *to, RSA *rsa, int padding) |
191 | { | 211 | { |
@@ -224,8 +244,8 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from, | |||
224 | 244 | ||
225 | if (BN_bin2bn(buf,num,&f) == NULL) goto err; | 245 | if (BN_bin2bn(buf,num,&f) == NULL) goto err; |
226 | 246 | ||
227 | if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) | 247 | BLINDING_HELPER(rsa, ctx, goto err;); |
228 | RSA_blinding_on(rsa,ctx); | 248 | |
229 | if (rsa->flags & RSA_FLAG_BLINDING) | 249 | if (rsa->flags & RSA_FLAG_BLINDING) |
230 | if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; | 250 | if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; |
231 | 251 | ||
@@ -299,8 +319,8 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from, | |||
299 | /* make data into a big number */ | 319 | /* make data into a big number */ |
300 | if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; | 320 | if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; |
301 | 321 | ||
302 | if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) | 322 | BLINDING_HELPER(rsa, ctx, goto err;); |
303 | RSA_blinding_on(rsa,ctx); | 323 | |
304 | if (rsa->flags & RSA_FLAG_BLINDING) | 324 | if (rsa->flags & RSA_FLAG_BLINDING) |
305 | if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; | 325 | if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; |
306 | 326 | ||
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c index 94395cc22c..1e404c4eb1 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c | |||
@@ -72,7 +72,13 @@ static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL; | |||
72 | 72 | ||
73 | RSA *RSA_new(void) | 73 | RSA *RSA_new(void) |
74 | { | 74 | { |
75 | return(RSA_new_method(NULL)); | 75 | RSA *r=RSA_new_method(NULL); |
76 | |||
77 | #ifndef OPENSSL_NO_FORCE_RSA_BLINDING | ||
78 | r->flags|=RSA_FLAG_BLINDING; | ||
79 | #endif | ||
80 | |||
81 | return r; | ||
76 | } | 82 | } |
77 | 83 | ||
78 | void RSA_set_default_openssl_method(RSA_METHOD *meth) | 84 | void RSA_set_default_openssl_method(RSA_METHOD *meth) |