Make BN_BLINDING internal

RSA is pretty bad. In my most optimistic moments I dream of a world that stopped using it. That won't happen during my lifetime, unfortunately. Blinding is one way of making it a little less leaky. Unfortunately this side-channel leak mitigation leaked out of the library for no good reason. Let's at least fix that aspect of it. ok jsing
author: tb <> 2023-07-28 10:05:16 +0000
committer: tb <> 2023-07-28 10:05:16 +0000
commit: 6cc5955271563c498eb75bea6798690a380d43cf (patch)
tree: 9d9e5e88058fce53bb18a48739125946a2639657 /src/lib/libcrypto/bn/bn_local.h
parent: 8d8ca2c8c440c1df72455fe4055627e4110c3973 (diff)
download: openbsd-6cc5955271563c498eb75bea6798690a380d43cf.tar.gz
openbsd-6cc5955271563c498eb75bea6798690a380d43cf.tar.bz2
openbsd-6cc5955271563c498eb75bea6798690a380d43cf.zip
1 files changed, 22 insertions, 1 deletions
diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h
index a8d40fbcc8..989770f2d6 100644
--- a/src/lib/libcrypto/bn/bn_local.h
+++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.26 2023/07/09 18:27:22 tb Exp $ */
+/* $OpenBSD: bn_local.h,v 1.27 2023/07/28 10:05:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -291,6 +291,27 @@ int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 int     BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
    BN_RECP_CTX *recp, BN_CTX *ctx);
+/* BN_BLINDING flags */
+#define BN_BLINDING_NO_UPDATE   0x00000001
+#define BN_BLINDING_NO_RECREATE 0x00000002
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+    const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+    int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+    BN_MONT_CTX *m_ctx);
 /* Explicitly const time / non-const time versions for internal use */
 int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx);
author	tb <>	2023-07-28 10:05:16 +0000
committer	tb <>	2023-07-28 10:05:16 +0000
commit	6cc5955271563c498eb75bea6798690a380d43cf (patch)
tree	9d9e5e88058fce53bb18a48739125946a2639657 /src/lib/libcrypto/bn/bn_local.h
parent	8d8ca2c8c440c1df72455fe4055627e4110c3973 (diff)
download	openbsd-6cc5955271563c498eb75bea6798690a380d43cf.tar.gz openbsd-6cc5955271563c498eb75bea6798690a380d43cf.tar.bz2 openbsd-6cc5955271563c498eb75bea6798690a380d43cf.zip

diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h index a8d40fbcc8..989770f2d6 100644 --- a/src/lib/libcrypto/bn/bn_local.h +++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_local.h,v 1.26 2023/07/09 18:27:22 tb Exp $ */	1	/* $OpenBSD: bn_local.h,v 1.27 2023/07/28 10:05:16 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -291,6 +291,27 @@ int BN_mod_exp_recp(BIGNUM r, const BIGNUM a, const BIGNUM *p,
291	int BN_div_recp(BIGNUM dv, BIGNUM rem, const BIGNUM *m,	291	int BN_div_recp(BIGNUM dv, BIGNUM rem, const BIGNUM *m,
292	BN_RECP_CTX recp, BN_CTX ctx);	292	BN_RECP_CTX recp, BN_CTX ctx);
293		293
		294	/* BN_BLINDING flags */
		295	#define BN_BLINDING_NO_UPDATE 0x00000001
		296	#define BN_BLINDING_NO_RECREATE 0x00000002
		297
		298	BN_BLINDING BN_BLINDING_new(const BIGNUM A, const BIGNUM Ai, BIGNUM mod);
		299	void BN_BLINDING_free(BN_BLINDING *b);
		300	int BN_BLINDING_update(BN_BLINDING b, BN_CTX ctx);
		301	int BN_BLINDING_convert(BIGNUM n, BN_BLINDING b, BN_CTX *ctx);
		302	int BN_BLINDING_invert(BIGNUM n, BN_BLINDING b, BN_CTX *ctx);
		303	int BN_BLINDING_convert_ex(BIGNUM n, BIGNUM r, BN_BLINDING b, BN_CTX );
		304	int BN_BLINDING_invert_ex(BIGNUM n, const BIGNUM r, BN_BLINDING b, BN_CTX );
		305
		306	CRYPTO_THREADID BN_BLINDING_thread_id(BN_BLINDING );
		307	unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
		308	void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
		309	BN_BLINDING BN_BLINDING_create_param(BN_BLINDING b,
		310	const BIGNUM e, BIGNUM m, BN_CTX *ctx,
		311	int (bn_mod_exp)(BIGNUM r, const BIGNUM a, const BIGNUM p,
		312	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *m_ctx),
		313	BN_MONT_CTX *m_ctx);
		314
294	/* Explicitly const time / non-const time versions for internal use */	315	/* Explicitly const time / non-const time versions for internal use */
295	int BN_mod_exp_ct(BIGNUM r, const BIGNUM a, const BIGNUM *p,	316	int BN_mod_exp_ct(BIGNUM r, const BIGNUM a, const BIGNUM *p,
296	const BIGNUM m, BN_CTX ctx);	317	const BIGNUM m, BN_CTX ctx);