CHANGES +6 −0 @@ -10,6 +10,12 @@ in ssl3_get_client_key_exchange (ssl/s3_srvr.c). [Bodo Moeller] *) Turn on RSA blinding by default, to avoid a timing attack. Applications that don't want it can call RSA_blinding_off(). They would be ill-advised to do so in most cases. The automatic enabling can also be turned off by defining OPENSSL_FORCE_NO_RSA_BLINDING at compile-time. [Ben Laurie, Steve Henson, Geoff Thorpe] Changes between 0.9.6h and 0.9.6i [19 Feb 2003] *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked crypto/rsa/rsa_eay.c +23 −4 @@ -190,6 +190,25 @@ err: return(r); } static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) { int ret = 1; CRYPTO_w_lock(CRYPTO_LOCK_RSA); /* Check again inside the lock - the macro's check is racey */ if(rsa->blinding == NULL) ret = RSA_blinding_on(rsa, ctx); CRYPTO_w_unlock(CRYPTO_LOCK_RSA); return ret; } #define BLINDING_HELPER(rsa, ctx, err_instr) \ do { \ if(((rsa)->flags & RSA_FLAG_BLINDING) && \ ((rsa)->blinding == NULL) && \ !rsa_eay_blinding(rsa, ctx)) \ err_instr \ } while(0) /* signing */ static int RSA_eay_private_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -234,8 +253,8 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from, goto err; } if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); BLINDING_HELPER(rsa, ctx, goto err;); if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
@@ -313,8 +332,8 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from, goto err; } if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); BLINDING_HELPER(rsa, ctx, goto err;); if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; crypto/rsa/rsa_lib.c +7 −1 @@ -71,7 +71,13 @@ static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL; RSA *RSA_new(void) { return(RSA_new_method(NULL)); RSA *r=RSA_new_method(NULL); #ifndef OPENSSL_NO_FORCE_RSA_BLINDING r->flags|=RSA_FLAG_BLINDING; #endif return r; } void RSA_set_default_method(RSA_METHOD *meth)
CHANGES +6 −0 @@ -10,6 +10,12 @@ in ssl3_get_client_key_exchange (ssl/s3_srvr.c). [Bodo Moeller] *) Turn on RSA blinding by default, to avoid a timing attack. Applications that don't want it can call RSA_blinding_off(). They would be ill-advised to do so in most cases. The automatic enabling can also be turned off by defining OPENSSL_FORCE_NO_RSA_BLINDING at compile-time. [Ben Laurie, Steve Henson, Geoff Thorpe] Changes between 0.9.6h and 0.9.6i [19 Feb 2003] *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
crypto/rsa/rsa_eay.c +23 −4 @@ -190,6 +190,25 @@ err: return(r); } static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) { int ret = 1; CRYPTO_w_lock(CRYPTO_LOCK_RSA); /* Check again inside the lock - the macro's check is racey */ if(rsa->blinding == NULL) ret = RSA_blinding_on(rsa, ctx); CRYPTO_w_unlock(CRYPTO_LOCK_RSA); return ret; } #define BLINDING_HELPER(rsa, ctx, err_instr) \ do { \ if(((rsa)->flags & RSA_FLAG_BLINDING) && \ ((rsa)->blinding == NULL) && \ !rsa_eay_blinding(rsa, ctx)) \ err_instr \ } while(0) /* signing */ static int RSA_eay_private_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -234,8 +253,8 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from, goto err; } if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); BLINDING_HELPER(rsa, ctx, goto err;); if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; @@ -313,8 +332,8 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from, goto err; } if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); BLINDING_HELPER(rsa, ctx, goto err;); if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
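Review bot: The lock taken in rsa_eay_blinding() serialises only the creation of rsa->blinding; in both RSA_eay_private_encrypt and RSA_eay_private_decrypt the following `BN_BLINDING_convert(&f,rsa->blinding,ctx)` still runs outside CRYPTO_LOCK_RSA. Its body is not shown here, but if it updates the blinding factor, two threads sharing one RSA key can race on that state, and with blinding now enabled by default this path is hit on every private-key operation. Either hold the lock around the convert/invert pair or state the assumption above rsa_eay_blinding, e.g. `/* Only creation is locked; callers sharing an RSA across threads must serialise use of rsa->blinding. */`. A smaller style point: BLINDING_HELPER parenthesises `(rsa)` in its tests but passes the arguments bare in `!rsa_eay_blinding(rsa, ctx)`. Both functions continue outside the hunks.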
crypto/rsa/rsa_lib.c +7 −1 @@ -71,7 +71,13 @@ static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL; RSA *RSA_new(void) { return(RSA_new_method(NULL)); RSA *r=RSA_new_method(NULL); #ifndef OPENSSL_NO_FORCE_RSA_BLINDING r->flags|=RSA_FLAG_BLINDING; #endif return r; } void RSA_set_default_method(RSA_METHOD *meth)
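Review bot: RSA_new() now dereferences the result of RSA_new_method(NULL) without a NULL check, so a failure that was presumably handed back to the caller as NULL before becomes a crash at `r->flags|=RSA_FLAG_BLINDING;`; guard it with `if (r != NULL) r->flags|=RSA_FLAG_BLINDING;`. The opt-out macro tested here is `OPENSSL_NO_FORCE_RSA_BLINDING`, while the CHANGES entry in this same commit tells users to define OPENSSL_FORCE_NO_RSA_BLINDING, so one of the two spellings needs correcting or the documented switch has no effect. Because the flag is set only in RSA_new(), keys obtained by calling RSA_new_method() directly appear to stay unblinded by default; if that is intended it deserves a comment, otherwise the flag belongs in RSA_new_method().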