From 6cc5955271563c498eb75bea6798690a380d43cf Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 28 Jul 2023 10:05:16 +0000
Subject: Make BN_BLINDING internal

RSA is pretty bad. In my most optimistic moments I dream of a world that
stopped using it. That won't happen during my lifetime, unfortunately.
Blinding is one way of making it a little less leaky. Unfortunately this
side-channel leak mitigation leaked out of the library for no good reason.
Let's at least fix that aspect of it.

ok jsing
---
 src/lib/libcrypto/hidden/openssl/bn.h  | 13 +------------
 src/lib/libcrypto/hidden/openssl/rsa.h |  3 +--
 2 files changed, 2 insertions(+), 14 deletions(-)

(limited to 'src/lib/libcrypto/hidden')

diff --git a/src/lib/libcrypto/hidden/openssl/bn.h b/src/lib/libcrypto/hidden/openssl/bn.h
index 6c23a5c6d8..d58bd10672 100644
--- a/src/lib/libcrypto/hidden/openssl/bn.h
+++ b/src/lib/libcrypto/hidden/openssl/bn.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn.h,v 1.1 2023/07/08 12:21:58 beck Exp $ */
+/* $OpenBSD: bn.h,v 1.2 2023/07/28 10:05:16 tb Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -131,17 +131,6 @@ LCRYPTO_USED(BN_MONT_CTX_free);
 LCRYPTO_USED(BN_MONT_CTX_set);
 LCRYPTO_USED(BN_MONT_CTX_copy);
 LCRYPTO_USED(BN_MONT_CTX_set_locked);
-LCRYPTO_USED(BN_BLINDING_new);
-LCRYPTO_USED(BN_BLINDING_free);
-LCRYPTO_USED(BN_BLINDING_update);
-LCRYPTO_USED(BN_BLINDING_convert);
-LCRYPTO_USED(BN_BLINDING_invert);
-LCRYPTO_USED(BN_BLINDING_convert_ex);
-LCRYPTO_USED(BN_BLINDING_invert_ex);
-LCRYPTO_USED(BN_BLINDING_thread_id);
-LCRYPTO_USED(BN_BLINDING_get_flags);
-LCRYPTO_USED(BN_BLINDING_set_flags);
-LCRYPTO_USED(BN_BLINDING_create_param);
 LCRYPTO_USED(get_rfc2409_prime_768);
 LCRYPTO_USED(get_rfc2409_prime_1024);
 LCRYPTO_USED(BN_get_rfc2409_prime_768);
diff --git a/src/lib/libcrypto/hidden/openssl/rsa.h b/src/lib/libcrypto/hidden/openssl/rsa.h
index f4342e21da..ff47101a07 100644
--- a/src/lib/libcrypto/hidden/openssl/rsa.h
+++ b/src/lib/libcrypto/hidden/openssl/rsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.h,v 1.1 2023/07/08 12:26:45 beck Exp $ */
+/* $OpenBSD: rsa.h,v 1.2 2023/07/28 10:05:16 tb Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -66,7 +66,6 @@ LCRYPTO_USED(RSA_sign_ASN1_OCTET_STRING);
 LCRYPTO_USED(RSA_verify_ASN1_OCTET_STRING);
 LCRYPTO_USED(RSA_blinding_on);
 LCRYPTO_USED(RSA_blinding_off);
-LCRYPTO_USED(RSA_setup_blinding);
 LCRYPTO_USED(RSA_padding_add_PKCS1_type_1);
 LCRYPTO_USED(RSA_padding_check_PKCS1_type_1);
 LCRYPTO_USED(RSA_padding_add_PKCS1_type_2);
-- 
cgit v1.2.3-55-g6feb