OpenSSL 1.0.0f: merge

author: djm <> 2012-01-05 23:01:39 +0000
committer: djm <> 2012-01-05 23:01:39 +0000
commit: 1323613b1aa20bc25bc1ca71f1926d7e11788b87 (patch)
tree: 866512933d8f0c1ea5465d0169915b36c1ca3cae /src/lib/libcrypto/rsa/rsa_eay.c
parent: 01b1f5ed381fe1d6d9a28e1b11285d194d167080 (diff)
download: openbsd-1323613b1aa20bc25bc1ca71f1926d7e11788b87.tar.gz
openbsd-1323613b1aa20bc25bc1ca71f1926d7e11788b87.tar.bz2
openbsd-1323613b1aa20bc25bc1ca71f1926d7e11788b87.zip
1 files changed, 51 insertions, 29 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 7c941885f0..2e1ddd48d3 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -314,51 +314,56 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
        return ret;
 }
-static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,
+static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
-        BIGNUM *r, BN_CTX *ctx)
+        BN_CTX *ctx)
-{
+        {
-        if (local)
+        if (unblind == NULL)
+                /* Local blinding: store the unblinding factor
+                 * in BN_BLINDING. */
                return BN_BLINDING_convert_ex(f, NULL, b, ctx);
        else
                {
-                int ret;
+                /* Shared blinding: store the unblinding factor
-                CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
+                 * outside BN_BLINDING. */
-                ret = BN_BLINDING_convert_ex(f, r, b, ctx);
-                CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
-                return ret;
-                }
-}
-static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
-        BIGNUM *r, BN_CTX *ctx)
-{
-        if (local)
-                return BN_BLINDING_invert_ex(f, NULL, b, ctx);
-        else
-                {
                int ret;
                CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
-                ret = BN_BLINDING_invert_ex(f, r, b, ctx);
+                ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
                CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
                return ret;
                }
-}
+        }
+static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+        BN_CTX *ctx)
+        {
+        /* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
+         * will use the unblinding factor stored in BN_BLINDING.
+         * If BN_BLINDING is shared between threads, unblind must be non-null:
+         * BN_BLINDING_invert_ex will then use the local unblinding factor,
+         * and will only read the modulus from BN_BLINDING.
+         * In both cases it's safe to access the blinding without a lock.
+         */
+        return BN_BLINDING_invert_ex(f, unblind, b, ctx);
+        }
 /* signing */
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
-        BIGNUM *f, *ret, *br, *res;
+        BIGNUM *f, *ret, *res;
        int i,j,k,num=0,r= -1;
        unsigned char *buf=NULL;
        BN_CTX *ctx=NULL;
        int local_blinding = 0;
+        /* Used only if the blinding structure is shared. A non-NULL unblind
+         * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+         * the unblinding factor outside the blinding structure. */
+        BIGNUM *unblind = NULL;
        BN_BLINDING *blinding = NULL;
        if ((ctx=BN_CTX_new()) == NULL) goto err;
        BN_CTX_start(ctx);
        f   = BN_CTX_get(ctx);
-        br  = BN_CTX_get(ctx);
        ret = BN_CTX_get(ctx);
        num = BN_num_bytes(rsa->n);
        buf = OPENSSL_malloc(num);
@@ -406,8 +411,15 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                }
        
        if (blinding != NULL)
-                if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
+                {
+                if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
+                        {
+                        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                if (!rsa_blinding_convert(blinding, f, unblind, ctx))
                        goto err;
+                }
        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
                ((rsa->p != NULL) &&
@@ -441,7 +453,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                }
        if (blinding)
-                if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
+                if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
                        goto err;
        if (padding == RSA_X931_PADDING)
@@ -480,18 +492,21 @@ err:
 static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
-        BIGNUM *f, *ret, *br;
+        BIGNUM *f, *ret;
        int j,num=0,r= -1;
        unsigned char *p;
        unsigned char *buf=NULL;
        BN_CTX *ctx=NULL;
        int local_blinding = 0;
+        /* Used only if the blinding structure is shared. A non-NULL unblind
+         * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+         * the unblinding factor outside the blinding structure. */
+        BIGNUM *unblind = NULL;
        BN_BLINDING *blinding = NULL;
        if((ctx = BN_CTX_new()) == NULL) goto err;
        BN_CTX_start(ctx);
        f   = BN_CTX_get(ctx);
-        br  = BN_CTX_get(ctx);
        ret = BN_CTX_get(ctx);
        num = BN_num_bytes(rsa->n);
        buf = OPENSSL_malloc(num);
@@ -529,8 +544,15 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                }
        
        if (blinding != NULL)
-                if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
+                {
+                if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
+                        {
+                        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
                        goto err;
+                        }
+                if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+                        goto err;
+                }
        /* do the decrypt */
        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -564,7 +586,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                }
        if (blinding)
-                if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
+                if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
                        goto err;
        p=buf;
author	djm <>	2012-01-05 23:01:39 +0000
committer	djm <>	2012-01-05 23:01:39 +0000
commit	1323613b1aa20bc25bc1ca71f1926d7e11788b87 (patch)
tree	866512933d8f0c1ea5465d0169915b36c1ca3cae /src/lib/libcrypto/rsa/rsa_eay.c
parent	01b1f5ed381fe1d6d9a28e1b11285d194d167080 (diff)
download	openbsd-1323613b1aa20bc25bc1ca71f1926d7e11788b87.tar.gz openbsd-1323613b1aa20bc25bc1ca71f1926d7e11788b87.tar.bz2 openbsd-1323613b1aa20bc25bc1ca71f1926d7e11788b87.zip