make sure RSA blinding works when the PRNG is not properly seeded;
enable it automatically for the built-in engine
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 24c7769..6bc6ef3 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -211,6 +211,25 @@
return(r);
}
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+ {
+ int ret = 1;
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ /* Check again inside the lock - the macro's check is racey */
+ if(rsa->blinding == NULL)
+ ret = RSA_blinding_on(rsa, ctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ return ret;
+ }
+
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+ do { \
+ if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
+ ((rsa)->blinding == NULL) && \
+ !rsa_eay_blinding(rsa, ctx)) \
+ err_instr \
+ } while(0)
+
/* signing */
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
@@ -255,9 +274,9 @@
goto err;
}
- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
- if (rsa->flags & RSA_FLAG_BLINDING)
+ BLINDING_HELPER(rsa, ctx, goto err;);
+
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -274,7 +293,7 @@
rsa->_method_mod_n)) goto err;
}
- if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
/* put in leading 0 bytes if the number is less than the
@@ -336,9 +355,9 @@
goto err;
}
- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
- if (rsa->flags & RSA_FLAG_BLINDING)
+ BLINDING_HELPER(rsa, ctx, goto err;);
+
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
/* do the decrypt */
@@ -357,7 +376,7 @@
goto err;
}
- if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
p=buf;
