update to official patch from openssl.org; ok deraadt@, millert@

author: markus <> 2003-03-17 19:57:16 +0000
committer: markus <> 2003-03-17 19:57:16 +0000
commit: f70fbcbe107b93fd24d31f9afa4e99bf2464a2b7 (patch)
tree: bec19d17062fad889c529144dab8655dc0a8de38
parent: a4c0f9de9c618e0271a7e122136bdfe50301a6d7 (diff)
download: openbsd-f70fbcbe107b93fd24d31f9afa4e99bf2464a2b7.tar.gz
openbsd-f70fbcbe107b93fd24d31f9afa4e99bf2464a2b7.tar.bz2
openbsd-f70fbcbe107b93fd24d31f9afa4e99bf2464a2b7.zip
4 files changed, 56 insertions, 52 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 3fe1cd6540..a3f549d8e6 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -97,21 +97,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
        return(&rsa_pkcs1_eay_meth);
        }
-static void rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
-        {
-        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-        /* Check again inside the lock - the macro's check is racey */
-        if(rsa->blinding == NULL)
-                RSA_blinding_on(rsa, ctx);
-        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-        }
-#define BLINDING_HELPER(rsa, ctx) \
-        do { \
-                if(((rsa)->flags & RSA_FLAG_BLINDING) && \
-                                ((rsa)->blinding == NULL)) \
-                        rsa_eay_blinding(rsa, ctx); \
-        } while(0)
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
@@ -208,6 +193,25 @@ err:
        return(r);
        }
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+        {
+        int ret = 1;
+        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+        /* Check again inside the lock - the macro's check is racey */
+        if(rsa->blinding == NULL)
+                ret = RSA_blinding_on(rsa, ctx);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+        return ret;
+        }
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+        do { \
+                if(((rsa)->flags & RSA_FLAG_BLINDING) && \
+                                ((rsa)->blinding == NULL) && \
+                                !rsa_eay_blinding(rsa, ctx)) \
+                        err_instr \
+        } while(0)
 /* signing */
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
@@ -252,7 +256,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                goto err;
                }
-        BLINDING_HELPER(rsa, ctx);
+        BLINDING_HELPER(rsa, ctx, goto err;);
        if (rsa->flags & RSA_FLAG_BLINDING)
                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -331,7 +335,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                goto err;
                }
-        BLINDING_HELPER(rsa, ctx);
+        BLINDING_HELPER(rsa, ctx, goto err;);
        if (rsa->flags & RSA_FLAG_BLINDING)
                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -607,10 +611,6 @@ err:
 static int RSA_eay_init(RSA *rsa)
        {
        rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
-        /* Enforce blinding. */
-        rsa->flags|=RSA_FLAG_BLINDING;
        return(1);
        }
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index f71870a338..37fff8bce3 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -70,7 +70,13 @@ static const RSA_METHOD *default_RSA_meth=NULL;
 RSA *RSA_new(void)
        {
-        return(RSA_new_method(NULL));
+        RSA *r=RSA_new_method(NULL);
+#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
+        r->flags|=RSA_FLAG_BLINDING;
+#endif
+        return r;
        }
 void RSA_set_default_method(const RSA_METHOD *meth)
@@ -181,10 +187,6 @@ RSA *RSA_new_method(ENGINE *engine)
                OPENSSL_free(ret);
                ret=NULL;
                }
-        /* Enforce blinding. */
-        ret->flags |= RSA_FLAG_BLINDING;
        return(ret);
        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index 3fe1cd6540..a3f549d8e6 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -97,21 +97,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
        return(&rsa_pkcs1_eay_meth);
        }
-static void rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
-        {
-        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-        /* Check again inside the lock - the macro's check is racey */
-        if(rsa->blinding == NULL)
-                RSA_blinding_on(rsa, ctx);
-        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-        }
-#define BLINDING_HELPER(rsa, ctx) \
-        do { \
-                if(((rsa)->flags & RSA_FLAG_BLINDING) && \
-                                ((rsa)->blinding == NULL)) \
-                        rsa_eay_blinding(rsa, ctx); \
-        } while(0)
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
@@ -208,6 +193,25 @@ err:
        return(r);
        }
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+        {
+        int ret = 1;
+        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+        /* Check again inside the lock - the macro's check is racey */
+        if(rsa->blinding == NULL)
+                ret = RSA_blinding_on(rsa, ctx);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+        return ret;
+        }
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+        do { \
+                if(((rsa)->flags & RSA_FLAG_BLINDING) && \
+                                ((rsa)->blinding == NULL) && \
+                                !rsa_eay_blinding(rsa, ctx)) \
+                        err_instr \
+        } while(0)
 /* signing */
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
@@ -252,7 +256,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                goto err;
                }
-        BLINDING_HELPER(rsa, ctx);
+        BLINDING_HELPER(rsa, ctx, goto err;);
        if (rsa->flags & RSA_FLAG_BLINDING)
                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -331,7 +335,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                goto err;
                }
-        BLINDING_HELPER(rsa, ctx);
+        BLINDING_HELPER(rsa, ctx, goto err;);
        if (rsa->flags & RSA_FLAG_BLINDING)
                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -607,10 +611,6 @@ err:
 static int RSA_eay_init(RSA *rsa)
        {
        rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
-        /* Enforce blinding. */
-        rsa->flags|=RSA_FLAG_BLINDING;
        return(1);
        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
index f71870a338..37fff8bce3 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -70,7 +70,13 @@ static const RSA_METHOD *default_RSA_meth=NULL;
 RSA *RSA_new(void)
        {
-        return(RSA_new_method(NULL));
+        RSA *r=RSA_new_method(NULL);
+#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
+        r->flags|=RSA_FLAG_BLINDING;
+#endif
+        return r;
        }
 void RSA_set_default_method(const RSA_METHOD *meth)
@@ -181,10 +187,6 @@ RSA *RSA_new_method(ENGINE *engine)
                OPENSSL_free(ret);
                ret=NULL;
                }
-        /* Enforce blinding. */
-        ret->flags |= RSA_FLAG_BLINDING;
        return(ret);
        }
author	markus <>	2003-03-17 19:57:16 +0000
committer	markus <>	2003-03-17 19:57:16 +0000
commit	f70fbcbe107b93fd24d31f9afa4e99bf2464a2b7 (patch)
tree	bec19d17062fad889c529144dab8655dc0a8de38
parent	a4c0f9de9c618e0271a7e122136bdfe50301a6d7 (diff)
download	openbsd-f70fbcbe107b93fd24d31f9afa4e99bf2464a2b7.tar.gz openbsd-f70fbcbe107b93fd24d31f9afa4e99bf2464a2b7.tar.bz2 openbsd-f70fbcbe107b93fd24d31f9afa4e99bf2464a2b7.zip