summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto
diff options
context:
space:
mode:
authortb <>2023-07-28 10:05:16 +0000
committertb <>2023-07-28 10:05:16 +0000
commit6cc5955271563c498eb75bea6798690a380d43cf (patch)
tree9d9e5e88058fce53bb18a48739125946a2639657 /src/lib/libcrypto
parent8d8ca2c8c440c1df72455fe4055627e4110c3973 (diff)
downloadopenbsd-6cc5955271563c498eb75bea6798690a380d43cf.tar.gz
openbsd-6cc5955271563c498eb75bea6798690a380d43cf.tar.bz2
openbsd-6cc5955271563c498eb75bea6798690a380d43cf.zip
Make BN_BLINDING internal
RSA is pretty bad. In my most optimistic moments I dream of a world that stopped using it. That won't happen during my lifetime, unfortunately. Blinding is one way of making it a little less leaky. Unfortunately this side-channel leak mitigation leaked out of the library for no good reason. Let's at least fix that aspect of it. ok jsing
Diffstat (limited to 'src/lib/libcrypto')
-rw-r--r--src/lib/libcrypto/Symbols.list12
-rw-r--r--src/lib/libcrypto/Symbols.namespace12
-rw-r--r--src/lib/libcrypto/bn/bn.h23
-rw-r--r--src/lib/libcrypto/bn/bn_blind.c13
-rw-r--r--src/lib/libcrypto/bn/bn_local.h23
-rw-r--r--src/lib/libcrypto/hidden/openssl/bn.h13
-rw-r--r--src/lib/libcrypto/hidden/openssl/rsa.h3
-rw-r--r--src/lib/libcrypto/rsa/rsa.h3
-rw-r--r--src/lib/libcrypto/rsa/rsa_crpt.c3
-rw-r--r--src/lib/libcrypto/rsa/rsa_lib.c3
-rw-r--r--src/lib/libcrypto/rsa/rsa_local.h4
11 files changed, 33 insertions, 79 deletions
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 80be9faeae..cac15579b5 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -374,17 +374,6 @@ BIO_vfree
374BIO_vprintf 374BIO_vprintf
375BIO_vsnprintf 375BIO_vsnprintf
376BIO_write 376BIO_write
377BN_BLINDING_convert
378BN_BLINDING_convert_ex
379BN_BLINDING_create_param
380BN_BLINDING_free
381BN_BLINDING_get_flags
382BN_BLINDING_invert
383BN_BLINDING_invert_ex
384BN_BLINDING_new
385BN_BLINDING_set_flags
386BN_BLINDING_thread_id
387BN_BLINDING_update
388BN_CTX_end 377BN_CTX_end
389BN_CTX_free 378BN_CTX_free
390BN_CTX_get 379BN_CTX_get
@@ -2377,7 +2366,6 @@ RSA_set_default_method
2377RSA_set_ex_data 2366RSA_set_ex_data
2378RSA_set_flags 2367RSA_set_flags
2379RSA_set_method 2368RSA_set_method
2380RSA_setup_blinding
2381RSA_sign 2369RSA_sign
2382RSA_sign_ASN1_OCTET_STRING 2370RSA_sign_ASN1_OCTET_STRING
2383RSA_size 2371RSA_size
diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace
index 7a309ab416..a58eb0b9a1 100644
--- a/src/lib/libcrypto/Symbols.namespace
+++ b/src/lib/libcrypto/Symbols.namespace
@@ -2293,17 +2293,6 @@ _libre_BN_MONT_CTX_free
2293_libre_BN_MONT_CTX_set 2293_libre_BN_MONT_CTX_set
2294_libre_BN_MONT_CTX_copy 2294_libre_BN_MONT_CTX_copy
2295_libre_BN_MONT_CTX_set_locked 2295_libre_BN_MONT_CTX_set_locked
2296_libre_BN_BLINDING_new
2297_libre_BN_BLINDING_free
2298_libre_BN_BLINDING_update
2299_libre_BN_BLINDING_convert
2300_libre_BN_BLINDING_invert
2301_libre_BN_BLINDING_convert_ex
2302_libre_BN_BLINDING_invert_ex
2303_libre_BN_BLINDING_thread_id
2304_libre_BN_BLINDING_get_flags
2305_libre_BN_BLINDING_set_flags
2306_libre_BN_BLINDING_create_param
2307_libre_get_rfc2409_prime_768 2296_libre_get_rfc2409_prime_768
2308_libre_get_rfc2409_prime_1024 2297_libre_get_rfc2409_prime_1024
2309_libre_BN_get_rfc2409_prime_768 2298_libre_BN_get_rfc2409_prime_768
@@ -2385,7 +2374,6 @@ _libre_RSA_sign_ASN1_OCTET_STRING
2385_libre_RSA_verify_ASN1_OCTET_STRING 2374_libre_RSA_verify_ASN1_OCTET_STRING
2386_libre_RSA_blinding_on 2375_libre_RSA_blinding_on
2387_libre_RSA_blinding_off 2376_libre_RSA_blinding_off
2388_libre_RSA_setup_blinding
2389_libre_RSA_padding_add_PKCS1_type_1 2377_libre_RSA_padding_add_PKCS1_type_1
2390_libre_RSA_padding_check_PKCS1_type_1 2378_libre_RSA_padding_check_PKCS1_type_1
2391_libre_RSA_padding_add_PKCS1_type_2 2379_libre_RSA_padding_add_PKCS1_type_2
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index 7dc138d170..689196c911 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn.h,v 1.72 2023/06/13 09:12:22 tb Exp $ */ 1/* $OpenBSD: bn.h,v 1.73 2023/07/28 10:05:16 tb Exp $ */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -449,27 +449,6 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
449BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, 449BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
450 const BIGNUM *mod, BN_CTX *ctx); 450 const BIGNUM *mod, BN_CTX *ctx);
451 451
452/* BN_BLINDING flags */
453#define BN_BLINDING_NO_UPDATE 0x00000001
454#define BN_BLINDING_NO_RECREATE 0x00000002
455
456BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
457void BN_BLINDING_free(BN_BLINDING *b);
458int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
459int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
460int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
461int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
462int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
463
464CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
465unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
466void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
467BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
468 const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
469 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
470 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
471 BN_MONT_CTX *m_ctx);
472
473/* Primes from RFC 2409 */ 452/* Primes from RFC 2409 */
474BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); 453BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
475BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); 454BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index 07cd359e7e..7332df2b56 100644
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_blind.c,v 1.23 2023/07/08 12:21:58 beck Exp $ */ 1/* $OpenBSD: bn_blind.c,v 1.24 2023/07/28 10:05:16 tb Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -169,7 +169,6 @@ err:
169 BN_BLINDING_free(ret); 169 BN_BLINDING_free(ret);
170 return (NULL); 170 return (NULL);
171} 171}
172LCRYPTO_ALIAS(BN_BLINDING_new);
173 172
174void 173void
175BN_BLINDING_free(BN_BLINDING *r) 174BN_BLINDING_free(BN_BLINDING *r)
@@ -183,7 +182,6 @@ BN_BLINDING_free(BN_BLINDING *r)
183 BN_free(r->mod); 182 BN_free(r->mod);
184 free(r); 183 free(r);
185} 184}
186LCRYPTO_ALIAS(BN_BLINDING_free);
187 185
188int 186int
189BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) 187BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
@@ -217,14 +215,12 @@ err:
217 b->counter = 0; 215 b->counter = 0;
218 return (ret); 216 return (ret);
219} 217}
220LCRYPTO_ALIAS(BN_BLINDING_update);
221 218
222int 219int
223BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) 220BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
224{ 221{
225 return BN_BLINDING_convert_ex(n, NULL, b, ctx); 222 return BN_BLINDING_convert_ex(n, NULL, b, ctx);
226} 223}
227LCRYPTO_ALIAS(BN_BLINDING_convert);
228 224
229int 225int
230BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) 226BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
@@ -253,14 +249,12 @@ BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
253 249
254 return ret; 250 return ret;
255} 251}
256LCRYPTO_ALIAS(BN_BLINDING_convert_ex);
257 252
258int 253int
259BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) 254BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
260{ 255{
261 return BN_BLINDING_invert_ex(n, NULL, b, ctx); 256 return BN_BLINDING_invert_ex(n, NULL, b, ctx);
262} 257}
263LCRYPTO_ALIAS(BN_BLINDING_invert);
264 258
265int 259int
266BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) 260BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
@@ -280,28 +274,24 @@ BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
280 274
281 return (ret); 275 return (ret);
282} 276}
283LCRYPTO_ALIAS(BN_BLINDING_invert_ex);
284 277
285CRYPTO_THREADID * 278CRYPTO_THREADID *
286BN_BLINDING_thread_id(BN_BLINDING *b) 279BN_BLINDING_thread_id(BN_BLINDING *b)
287{ 280{
288 return &b->tid; 281 return &b->tid;
289} 282}
290LCRYPTO_ALIAS(BN_BLINDING_thread_id);
291 283
292unsigned long 284unsigned long
293BN_BLINDING_get_flags(const BN_BLINDING *b) 285BN_BLINDING_get_flags(const BN_BLINDING *b)
294{ 286{
295 return b->flags; 287 return b->flags;
296} 288}
297LCRYPTO_ALIAS(BN_BLINDING_get_flags);
298 289
299void 290void
300BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) 291BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
301{ 292{
302 b->flags = flags; 293 b->flags = flags;
303} 294}
304LCRYPTO_ALIAS(BN_BLINDING_set_flags);
305 295
306BN_BLINDING * 296BN_BLINDING *
307BN_BLINDING_create_param(BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, 297BN_BLINDING_create_param(BN_BLINDING *b, const BIGNUM *e, BIGNUM *m,
@@ -373,4 +363,3 @@ err:
373 363
374 return ret; 364 return ret;
375} 365}
376LCRYPTO_ALIAS(BN_BLINDING_create_param);
diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h
index a8d40fbcc8..989770f2d6 100644
--- a/src/lib/libcrypto/bn/bn_local.h
+++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_local.h,v 1.26 2023/07/09 18:27:22 tb Exp $ */ 1/* $OpenBSD: bn_local.h,v 1.27 2023/07/28 10:05:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -291,6 +291,27 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
291int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, 291int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
292 BN_RECP_CTX *recp, BN_CTX *ctx); 292 BN_RECP_CTX *recp, BN_CTX *ctx);
293 293
294/* BN_BLINDING flags */
295#define BN_BLINDING_NO_UPDATE 0x00000001
296#define BN_BLINDING_NO_RECREATE 0x00000002
297
298BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
299void BN_BLINDING_free(BN_BLINDING *b);
300int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
301int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
302int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
303int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
304int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
305
306CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
307unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
308void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
309BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
310 const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
311 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
312 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
313 BN_MONT_CTX *m_ctx);
314
294/* Explicitly const time / non-const time versions for internal use */ 315/* Explicitly const time / non-const time versions for internal use */
295int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 316int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
296 const BIGNUM *m, BN_CTX *ctx); 317 const BIGNUM *m, BN_CTX *ctx);
diff --git a/src/lib/libcrypto/hidden/openssl/bn.h b/src/lib/libcrypto/hidden/openssl/bn.h
index 6c23a5c6d8..d58bd10672 100644
--- a/src/lib/libcrypto/hidden/openssl/bn.h
+++ b/src/lib/libcrypto/hidden/openssl/bn.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn.h,v 1.1 2023/07/08 12:21:58 beck Exp $ */ 1/* $OpenBSD: bn.h,v 1.2 2023/07/28 10:05:16 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2023 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -131,17 +131,6 @@ LCRYPTO_USED(BN_MONT_CTX_free);
131LCRYPTO_USED(BN_MONT_CTX_set); 131LCRYPTO_USED(BN_MONT_CTX_set);
132LCRYPTO_USED(BN_MONT_CTX_copy); 132LCRYPTO_USED(BN_MONT_CTX_copy);
133LCRYPTO_USED(BN_MONT_CTX_set_locked); 133LCRYPTO_USED(BN_MONT_CTX_set_locked);
134LCRYPTO_USED(BN_BLINDING_new);
135LCRYPTO_USED(BN_BLINDING_free);
136LCRYPTO_USED(BN_BLINDING_update);
137LCRYPTO_USED(BN_BLINDING_convert);
138LCRYPTO_USED(BN_BLINDING_invert);
139LCRYPTO_USED(BN_BLINDING_convert_ex);
140LCRYPTO_USED(BN_BLINDING_invert_ex);
141LCRYPTO_USED(BN_BLINDING_thread_id);
142LCRYPTO_USED(BN_BLINDING_get_flags);
143LCRYPTO_USED(BN_BLINDING_set_flags);
144LCRYPTO_USED(BN_BLINDING_create_param);
145LCRYPTO_USED(get_rfc2409_prime_768); 134LCRYPTO_USED(get_rfc2409_prime_768);
146LCRYPTO_USED(get_rfc2409_prime_1024); 135LCRYPTO_USED(get_rfc2409_prime_1024);
147LCRYPTO_USED(BN_get_rfc2409_prime_768); 136LCRYPTO_USED(BN_get_rfc2409_prime_768);
diff --git a/src/lib/libcrypto/hidden/openssl/rsa.h b/src/lib/libcrypto/hidden/openssl/rsa.h
index f4342e21da..ff47101a07 100644
--- a/src/lib/libcrypto/hidden/openssl/rsa.h
+++ b/src/lib/libcrypto/hidden/openssl/rsa.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa.h,v 1.1 2023/07/08 12:26:45 beck Exp $ */ 1/* $OpenBSD: rsa.h,v 1.2 2023/07/28 10:05:16 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2023 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -66,7 +66,6 @@ LCRYPTO_USED(RSA_sign_ASN1_OCTET_STRING);
66LCRYPTO_USED(RSA_verify_ASN1_OCTET_STRING); 66LCRYPTO_USED(RSA_verify_ASN1_OCTET_STRING);
67LCRYPTO_USED(RSA_blinding_on); 67LCRYPTO_USED(RSA_blinding_on);
68LCRYPTO_USED(RSA_blinding_off); 68LCRYPTO_USED(RSA_blinding_off);
69LCRYPTO_USED(RSA_setup_blinding);
70LCRYPTO_USED(RSA_padding_add_PKCS1_type_1); 69LCRYPTO_USED(RSA_padding_add_PKCS1_type_1);
71LCRYPTO_USED(RSA_padding_check_PKCS1_type_1); 70LCRYPTO_USED(RSA_padding_check_PKCS1_type_1);
72LCRYPTO_USED(RSA_padding_add_PKCS1_type_2); 71LCRYPTO_USED(RSA_padding_add_PKCS1_type_2);
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index ff88240f04..4fcef3a97c 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa.h,v 1.64 2023/05/05 12:30:40 tb Exp $ */ 1/* $OpenBSD: rsa.h,v 1.65 2023/07/28 10:05:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -321,7 +321,6 @@ int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
321 321
322int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); 322int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
323void RSA_blinding_off(RSA *rsa); 323void RSA_blinding_off(RSA *rsa);
324BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
325 324
326int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, 325int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
327 const unsigned char *f, int fl); 326 const unsigned char *f, int fl);
diff --git a/src/lib/libcrypto/rsa/rsa_crpt.c b/src/lib/libcrypto/rsa/rsa_crpt.c
index ea79280b15..15108e24f0 100644
--- a/src/lib/libcrypto/rsa/rsa_crpt.c
+++ b/src/lib/libcrypto/rsa/rsa_crpt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_crpt.c,v 1.22 2023/07/08 12:26:45 beck Exp $ */ 1/* $OpenBSD: rsa_crpt.c,v 1.23 2023/07/28 10:05:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -229,4 +229,3 @@ err:
229 229
230 return ret; 230 return ret;
231} 231}
232LCRYPTO_ALIAS(RSA_setup_blinding);
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 8831253b9f..fbd2c2274c 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_lib.c,v 1.47 2023/07/08 12:26:45 beck Exp $ */ 1/* $OpenBSD: rsa_lib.c,v 1.48 2023/07/28 10:05:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -67,6 +67,7 @@
67#include <openssl/lhash.h> 67#include <openssl/lhash.h>
68#include <openssl/rsa.h> 68#include <openssl/rsa.h>
69 69
70#include "bn_local.h"
70#include "evp_local.h" 71#include "evp_local.h"
71#include "rsa_local.h" 72#include "rsa_local.h"
72 73
diff --git a/src/lib/libcrypto/rsa/rsa_local.h b/src/lib/libcrypto/rsa/rsa_local.h
index b4e90abd94..e4c3040b6f 100644
--- a/src/lib/libcrypto/rsa/rsa_local.h
+++ b/src/lib/libcrypto/rsa/rsa_local.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_local.h,v 1.3 2023/07/21 15:26:51 tb Exp $ */ 1/* $OpenBSD: rsa_local.h,v 1.4 2023/07/28 10:05:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -153,4 +153,6 @@ int RSA_padding_check_X931(unsigned char *to, int tlen,
153 const unsigned char *f, int fl, int rsa_len); 153 const unsigned char *f, int fl, int rsa_len);
154int RSA_X931_hash_id(int nid); 154int RSA_X931_hash_id(int nid);
155 155
156BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
157
156__END_HIDDEN_DECLS 158__END_HIDDEN_DECLS
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-26 12:20:08 +0000