Make BN_BLINDING internal

RSA is pretty bad. In my most optimistic moments I dream of a world that stopped using it. That won't happen during my lifetime, unfortunately. Blinding is one way of making it a little less leaky. Unfortunately this side-channel leak mitigation leaked out of the library for no good reason. Let's at least fix that aspect of it. ok jsing
author: tb <> 2023-07-28 10:05:16 +0000
committer: tb <> 2023-07-28 10:05:16 +0000
commit: 6cc5955271563c498eb75bea6798690a380d43cf (patch)
tree: 9d9e5e88058fce53bb18a48739125946a2639657 /src/lib/libcrypto/rsa/rsa_local.h
parent: 8d8ca2c8c440c1df72455fe4055627e4110c3973 (diff)
download: openbsd-6cc5955271563c498eb75bea6798690a380d43cf.tar.gz
openbsd-6cc5955271563c498eb75bea6798690a380d43cf.tar.bz2
openbsd-6cc5955271563c498eb75bea6798690a380d43cf.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_local.h b/src/lib/libcrypto/rsa/rsa_local.h
index b4e90abd94..e4c3040b6f 100644
--- a/src/lib/libcrypto/rsa/rsa_local.h
+++ b/src/lib/libcrypto/rsa/rsa_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_local.h,v 1.3 2023/07/21 15:26:51 tb Exp $ */
+/* $OpenBSD: rsa_local.h,v 1.4 2023/07/28 10:05:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -153,4 +153,6 @@ int RSA_padding_check_X931(unsigned char *to, int tlen,
    const unsigned char *f, int fl, int rsa_len);
 int RSA_X931_hash_id(int nid);
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
 __END_HIDDEN_DECLS
author	tb <>	2023-07-28 10:05:16 +0000
committer	tb <>	2023-07-28 10:05:16 +0000
commit	6cc5955271563c498eb75bea6798690a380d43cf (patch)
tree	9d9e5e88058fce53bb18a48739125946a2639657 /src/lib/libcrypto/rsa/rsa_local.h
parent	8d8ca2c8c440c1df72455fe4055627e4110c3973 (diff)
download	openbsd-6cc5955271563c498eb75bea6798690a380d43cf.tar.gz openbsd-6cc5955271563c498eb75bea6798690a380d43cf.tar.bz2 openbsd-6cc5955271563c498eb75bea6798690a380d43cf.zip