Enforce blinding on RSA operations involving private keys.

From http://www.openssl.org/~geoff, modified to be enabled at all times.
author: ho <> 2003-03-15 16:35:53 +0000
committer: ho <> 2003-03-15 16:35:53 +0000
commit: 68d910a736124944b061ef4eb6d3e07b4682389a (patch)
tree: 4839b7cb5bb5ac8075b132a7b93a8becb3948832
parent: 1c6faae982600718c3de7d1e2ec7cc8c34b173c5 (diff)
download: openbsd-68d910a736124944b061ef4eb6d3e07b4682389a.tar.gz
openbsd-68d910a736124944b061ef4eb6d3e07b4682389a.tar.bz2
openbsd-68d910a736124944b061ef4eb6d3e07b4682389a.zip
4 files changed, 54 insertions, 8 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 0eda816081..3fe1cd6540 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -97,6 +97,21 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
        return(&rsa_pkcs1_eay_meth);
        }
+static void rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+        /* Check again inside the lock - the macro's check is racey */
+        if(rsa->blinding == NULL)
+                RSA_blinding_on(rsa, ctx);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+        }
+#define BLINDING_HELPER(rsa, ctx) \
+        do { \
+                if(((rsa)->flags & RSA_FLAG_BLINDING) && \
+                                ((rsa)->blinding == NULL)) \
+                        rsa_eay_blinding(rsa, ctx); \
+        } while(0)
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
@@ -237,8 +252,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                goto err;
                }
-        if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+        BLINDING_HELPER(rsa, ctx);
-                RSA_blinding_on(rsa,ctx);
        if (rsa->flags & RSA_FLAG_BLINDING)
                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -316,8 +331,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                goto err;
                }
-        if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+        BLINDING_HELPER(rsa, ctx);
-                RSA_blinding_on(rsa,ctx);
        if (rsa->flags & RSA_FLAG_BLINDING)
                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -592,6 +607,10 @@ err:
 static int RSA_eay_init(RSA *rsa)
        {
        rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
+        /* Enforce blinding. */
+        rsa->flags|=RSA_FLAG_BLINDING;
        return(1);
        }
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 93235744f7..f71870a338 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -181,6 +181,10 @@ RSA *RSA_new_method(ENGINE *engine)
                OPENSSL_free(ret);
                ret=NULL;
                }
+        /* Enforce blinding. */
+        ret->flags |= RSA_FLAG_BLINDING;
        return(ret);
        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index 0eda816081..3fe1cd6540 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -97,6 +97,21 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
        return(&rsa_pkcs1_eay_meth);
        }
+static void rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+        /* Check again inside the lock - the macro's check is racey */
+        if(rsa->blinding == NULL)
+                RSA_blinding_on(rsa, ctx);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+        }
+#define BLINDING_HELPER(rsa, ctx) \
+        do { \
+                if(((rsa)->flags & RSA_FLAG_BLINDING) && \
+                                ((rsa)->blinding == NULL)) \
+                        rsa_eay_blinding(rsa, ctx); \
+        } while(0)
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
@@ -237,8 +252,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                goto err;
                }
-        if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+        BLINDING_HELPER(rsa, ctx);
-                RSA_blinding_on(rsa,ctx);
        if (rsa->flags & RSA_FLAG_BLINDING)
                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -316,8 +331,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                goto err;
                }
-        if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+        BLINDING_HELPER(rsa, ctx);
-                RSA_blinding_on(rsa,ctx);
        if (rsa->flags & RSA_FLAG_BLINDING)
                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -592,6 +607,10 @@ err:
 static int RSA_eay_init(RSA *rsa)
        {
        rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
+        /* Enforce blinding. */
+        rsa->flags|=RSA_FLAG_BLINDING;
        return(1);
        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
index 93235744f7..f71870a338 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -181,6 +181,10 @@ RSA *RSA_new_method(ENGINE *engine)
                OPENSSL_free(ret);
                ret=NULL;
                }
+        /* Enforce blinding. */
+        ret->flags |= RSA_FLAG_BLINDING;
        return(ret);
        }
author	ho <>	2003-03-15 16:35:53 +0000
committer	ho <>	2003-03-15 16:35:53 +0000
commit	68d910a736124944b061ef4eb6d3e07b4682389a (patch)
tree	4839b7cb5bb5ac8075b132a7b93a8becb3948832
parent	1c6faae982600718c3de7d1e2ec7cc8c34b173c5 (diff)
download	openbsd-68d910a736124944b061ef4eb6d3e07b4682389a.tar.gz openbsd-68d910a736124944b061ef4eb6d3e07b4682389a.tar.bz2 openbsd-68d910a736124944b061ef4eb6d3e07b4682389a.zip

diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c index 0eda816081..3fe1cd6540 100644 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -97,6 +97,21 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
97	return(&rsa_pkcs1_eay_meth);	97	return(&rsa_pkcs1_eay_meth);
98	}	98	}
99		99
		100	static void rsa_eay_blinding(RSA rsa, BN_CTX ctx)
		101	{
		102	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
		103	/* Check again inside the lock - the macro's check is racey */
		104	if(rsa->blinding == NULL)
		105	RSA_blinding_on(rsa, ctx);
		106	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
		107	}
		108	#define BLINDING_HELPER(rsa, ctx) \
		109	do { \
		110	if(((rsa)->flags & RSA_FLAG_BLINDING) && \
		111	((rsa)->blinding == NULL)) \
		112	rsa_eay_blinding(rsa, ctx); \
		113	} while(0)
		114
100	static int RSA_eay_public_encrypt(int flen, const unsigned char *from,	115	static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
101	unsigned char to, RSA rsa, int padding)	116	unsigned char to, RSA rsa, int padding)
102	{	117	{
@@ -237,8 +252,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
237	goto err;	252	goto err;
238	}	253	}
239		254
240	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))	255	BLINDING_HELPER(rsa, ctx);
241	RSA_blinding_on(rsa,ctx);	256
242	if (rsa->flags & RSA_FLAG_BLINDING)	257	if (rsa->flags & RSA_FLAG_BLINDING)
243	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;	258	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
244		259
@@ -316,8 +331,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
316	goto err;	331	goto err;
317	}	332	}
318		333
319	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))	334	BLINDING_HELPER(rsa, ctx);
320	RSA_blinding_on(rsa,ctx);	335
321	if (rsa->flags & RSA_FLAG_BLINDING)	336	if (rsa->flags & RSA_FLAG_BLINDING)
322	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;	337	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
323		338
@@ -592,6 +607,10 @@ err:
592	static int RSA_eay_init(RSA *rsa)	607	static int RSA_eay_init(RSA *rsa)
593	{	608	{
594	rsa->flags\|=RSA_FLAG_CACHE_PUBLIC\|RSA_FLAG_CACHE_PRIVATE;	609	rsa->flags\|=RSA_FLAG_CACHE_PUBLIC\|RSA_FLAG_CACHE_PRIVATE;
		610
		611	/* Enforce blinding. */
		612	rsa->flags\|=RSA_FLAG_BLINDING;
		613
595	return(1);	614	return(1);
596	}	615	}
597		616


diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c index 93235744f7..f71870a338 100644 --- a/src/lib/libcrypto/rsa/rsa_lib.c +++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -181,6 +181,10 @@ RSA RSA_new_method(ENGINE engine)
181	OPENSSL_free(ret);	181	OPENSSL_free(ret);
182	ret=NULL;	182	ret=NULL;
183	}	183	}
		184
		185	/* Enforce blinding. */
		186	ret->flags \|= RSA_FLAG_BLINDING;
		187
184	return(ret);	188	return(ret);
185	}	189	}
186		190


diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c index 0eda816081..3fe1cd6540 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -97,6 +97,21 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
97	return(&rsa_pkcs1_eay_meth);	97	return(&rsa_pkcs1_eay_meth);
98	}	98	}
99		99
		100	static void rsa_eay_blinding(RSA rsa, BN_CTX ctx)
		101	{
		102	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
		103	/* Check again inside the lock - the macro's check is racey */
		104	if(rsa->blinding == NULL)
		105	RSA_blinding_on(rsa, ctx);
		106	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
		107	}
		108	#define BLINDING_HELPER(rsa, ctx) \
		109	do { \
		110	if(((rsa)->flags & RSA_FLAG_BLINDING) && \
		111	((rsa)->blinding == NULL)) \
		112	rsa_eay_blinding(rsa, ctx); \
		113	} while(0)
		114
100	static int RSA_eay_public_encrypt(int flen, const unsigned char *from,	115	static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
101	unsigned char to, RSA rsa, int padding)	116	unsigned char to, RSA rsa, int padding)
102	{	117	{
@@ -237,8 +252,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
237	goto err;	252	goto err;
238	}	253	}
239		254
240	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))	255	BLINDING_HELPER(rsa, ctx);
241	RSA_blinding_on(rsa,ctx);	256
242	if (rsa->flags & RSA_FLAG_BLINDING)	257	if (rsa->flags & RSA_FLAG_BLINDING)
243	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;	258	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
244		259
@@ -316,8 +331,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
316	goto err;	331	goto err;
317	}	332	}
318		333
319	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))	334	BLINDING_HELPER(rsa, ctx);
320	RSA_blinding_on(rsa,ctx);	335
321	if (rsa->flags & RSA_FLAG_BLINDING)	336	if (rsa->flags & RSA_FLAG_BLINDING)
322	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;	337	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
323		338
@@ -592,6 +607,10 @@ err:
592	static int RSA_eay_init(RSA *rsa)	607	static int RSA_eay_init(RSA *rsa)
593	{	608	{
594	rsa->flags\|=RSA_FLAG_CACHE_PUBLIC\|RSA_FLAG_CACHE_PRIVATE;	609	rsa->flags\|=RSA_FLAG_CACHE_PUBLIC\|RSA_FLAG_CACHE_PRIVATE;
		610
		611	/* Enforce blinding. */
		612	rsa->flags\|=RSA_FLAG_BLINDING;
		613
595	return(1);	614	return(1);
596	}	615	}
597		616


diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c index 93235744f7..f71870a338 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -181,6 +181,10 @@ RSA RSA_new_method(ENGINE engine)
181	OPENSSL_free(ret);	181	OPENSSL_free(ret);
182	ret=NULL;	182	ret=NULL;
183	}	183	}
		184
		185	/* Enforce blinding. */
		186	ret->flags \|= RSA_FLAG_BLINDING;
		187
184	return(ret);	188	return(ret);
185	}	189	}
186		190