From f70fbcbe107b93fd24d31f9afa4e99bf2464a2b7 Mon Sep 17 00:00:00 2001
From: markus <>
Date: Mon, 17 Mar 2003 19:57:16 +0000
Subject: update to official patch from openssl.org; ok deraadt@, millert@

---
 src/lib/libcrypto/rsa/rsa_eay.c         | 42 ++++++++++++++++-----------------
 src/lib/libcrypto/rsa/rsa_lib.c         | 12 ++++++----
 src/lib/libssl/src/crypto/rsa/rsa_eay.c | 42 ++++++++++++++++-----------------
 src/lib/libssl/src/crypto/rsa/rsa_lib.c | 12 ++++++----
 4 files changed, 56 insertions(+), 52 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 3fe1cd6540..a3f549d8e6 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -97,21 +97,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
 	return(&rsa_pkcs1_eay_meth);
 	}
 
-static void rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-	/* Check again inside the lock - the macro's check is racey */
-	if(rsa->blinding == NULL)
-		RSA_blinding_on(rsa, ctx);
-	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-	}
-#define BLINDING_HELPER(rsa, ctx) \
-	do { \
-		if(((rsa)->flags & RSA_FLAG_BLINDING) && \
-				((rsa)->blinding == NULL)) \
-			rsa_eay_blinding(rsa, ctx); \
-	} while(0)
-
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
@@ -208,6 +193,25 @@ err:
 	return(r);
 	}
 
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+	{
+	int ret = 1;
+	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+	/* Check again inside the lock - the macro's check is racey */
+	if(rsa->blinding == NULL)
+		ret = RSA_blinding_on(rsa, ctx);
+	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+	return ret;
+	}
+
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+	do { \
+		if(((rsa)->flags & RSA_FLAG_BLINDING) && \
+				((rsa)->blinding == NULL) && \
+				!rsa_eay_blinding(rsa, ctx)) \
+			err_instr \
+	} while(0)
+
 /* signing */
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
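Review bot: `BLINDING_HELPER` now takes a statement as its third argument and pastes it unbraced after the `if`, so the call sites must write `goto err;` with its own semicolon inside the argument list, and an argument holding more than one statement would leave only the first under the condition. A small static function returning the setup result, called as `if (!rsa_eay_blinding_check(rsa, ctx)) goto err;`, keeps the fail-closed behaviour without passing control flow through a macro. It also gives a place to document that 0 means blinding was requested but could not be initialised. The unlocked `rsa->blinding == NULL` pre-check is kept as in the macro, and the identical hunk in src/lib/libssl/src/crypto/rsa/rsa_eay.c has the same shape.

```c
/* Returns 1 when blinding is not requested or is ready, 0 when
 * RSA_FLAG_BLINDING is set but the blinding state could not be set up. */
static int rsa_eay_blinding_check(RSA *rsa, BN_CTX *ctx)
	{
	if (!(rsa->flags & RSA_FLAG_BLINDING))
		return 1;
	if (rsa->blinding != NULL)
		return 1;
	return rsa_eay_blinding(rsa, ctx);
	}
```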
@@ -252,7 +256,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 		goto err;
 		}
 
-	BLINDING_HELPER(rsa, ctx);
+	BLINDING_HELPER(rsa, ctx, goto err;);
 
 	if (rsa->flags & RSA_FLAG_BLINDING)
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
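Review bot: After the helper succeeds, `rsa->blinding` is passed to `BN_BLINDING_convert` with no lock visible in this hunk, while `rsa_eay_blinding` holds `CRYPTO_LOCK_RSA` only for the one-time setup. If one RSA object can be used from several threads, the shared blinding state would presumably be updated concurrently; the rest of `RSA_eay_private_encrypt` lies outside the hunk, so this needs confirming against the full function. At minimum add a comment above the call, for example `/* rsa->blinding is shared per RSA; CRYPTO_LOCK_RSA is only held while it is created */`. The same applies to the `RSA_eay_private_decrypt` hunk and to both hunks in the libssl copy of rsa_eay.c.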
@@ -331,7 +335,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
 		goto err;
 		}
 
-	BLINDING_HELPER(rsa, ctx);
+	BLINDING_HELPER(rsa, ctx, goto err;);
 
 	if (rsa->flags & RSA_FLAG_BLINDING)
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -607,10 +611,6 @@ err:
 static int RSA_eay_init(RSA *rsa)
 	{
 	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
-
-	/* Enforce blinding. */
-	rsa->flags|=RSA_FLAG_BLINDING;
-
 	return(1);
 	}
 
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index f71870a338..37fff8bce3 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -70,7 +70,13 @@ static const RSA_METHOD *default_RSA_meth=NULL;
 
 RSA *RSA_new(void)
 	{
-	return(RSA_new_method(NULL));
+	RSA *r=RSA_new_method(NULL);
+
+#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
+	r->flags|=RSA_FLAG_BLINDING;
+#endif
+
+	return r;
 	}
 
 void RSA_set_default_method(const RSA_METHOD *meth)
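Review bot: `r->flags|=RSA_FLAG_BLINDING;` dereferences the result of `RSA_new_method(NULL)` without a NULL check, and the next hunk shows `RSA_new_method` setting `ret=NULL` before `return(ret)` on a failure path, so a failure there would crash here instead of returning NULL to the caller. Guard the assignment: `if (r != NULL) r->flags|=RSA_FLAG_BLINDING;`. Since the flag is no longer set in `RSA_new_method` or `RSA_eay_init`, objects created through `RSA_new_method()` directly, and any build defining `OPENSSL_NO_FORCE_RSA_BLINDING`, get blinding only if the caller enables it; a comment saying so above the `#ifndef` would help. The same code is in src/lib/libssl/src/crypto/rsa/rsa_lib.c.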
@@ -181,10 +187,6 @@ RSA *RSA_new_method(ENGINE *engine)
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
-
-	/* Enforce blinding. */
-	ret->flags |= RSA_FLAG_BLINDING;
-
 	return(ret);
 	}
 
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index 3fe1cd6540..a3f549d8e6 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -97,21 +97,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
 	return(&rsa_pkcs1_eay_meth);
 	}
 
-static void rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-	/* Check again inside the lock - the macro's check is racey */
-	if(rsa->blinding == NULL)
-		RSA_blinding_on(rsa, ctx);
-	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-	}
-#define BLINDING_HELPER(rsa, ctx) \
-	do { \
-		if(((rsa)->flags & RSA_FLAG_BLINDING) && \
-				((rsa)->blinding == NULL)) \
-			rsa_eay_blinding(rsa, ctx); \
-	} while(0)
-
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
@@ -208,6 +193,25 @@ err:
 	return(r);
 	}
 
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+	{
+	int ret = 1;
+	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+	/* Check again inside the lock - the macro's check is racey */
+	if(rsa->blinding == NULL)
+		ret = RSA_blinding_on(rsa, ctx);
+	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+	return ret;
+	}
+
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+	do { \
+		if(((rsa)->flags & RSA_FLAG_BLINDING) && \
+				((rsa)->blinding == NULL) && \
+				!rsa_eay_blinding(rsa, ctx)) \
+			err_instr \
+	} while(0)
+
 /* signing */
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
@@ -252,7 +256,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 		goto err;
 		}
 
-	BLINDING_HELPER(rsa, ctx);
+	BLINDING_HELPER(rsa, ctx, goto err;);
 
 	if (rsa->flags & RSA_FLAG_BLINDING)
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -331,7 +335,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
 		goto err;
 		}
 
-	BLINDING_HELPER(rsa, ctx);
+	BLINDING_HELPER(rsa, ctx, goto err;);
 
 	if (rsa->flags & RSA_FLAG_BLINDING)
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -607,10 +611,6 @@ err:
 static int RSA_eay_init(RSA *rsa)
 	{
 	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
-
-	/* Enforce blinding. */
-	rsa->flags|=RSA_FLAG_BLINDING;
-
 	return(1);
 	}
 
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
index f71870a338..37fff8bce3 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -70,7 +70,13 @@ static const RSA_METHOD *default_RSA_meth=NULL;
 
 RSA *RSA_new(void)
 	{
-	return(RSA_new_method(NULL));
+	RSA *r=RSA_new_method(NULL);
+
+#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
+	r->flags|=RSA_FLAG_BLINDING;
+#endif
+
+	return r;
 	}
 
 void RSA_set_default_method(const RSA_METHOD *meth)
@@ -181,10 +187,6 @@ RSA *RSA_new_method(ENGINE *engine)
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
-
-	/* Enforce blinding. */
-	ret->flags |= RSA_FLAG_BLINDING;
-
 	return(ret);
 	}
 
-- 
cgit v1.2.3-55-g6feb